.:: .:: .::
.:: .:: .: .::
.:: .:: .:: .:: .:: .:: .:::: .:.: .: .::
.:: .::.:: .:: .:: .::.:: .:: .:: .: .::
.:: .::.:: .:: .:: .:: .::: .:: .:: .::::: .::
.:: .::.:: .:: .:: .:: .::.:: .:: .:
.::: .:: .::.::.:::.:::.:: .::.:: .:: .::::
.::
.:: .::
.:: .:: .:: .:: .:: .::
.:: .:: .:: .:: .:: .:: .:: .::
.:: .::.: .::.:: .:: .:::
.:: .:: .: .::.:: .:: .::
.::: .:: .:: .:: .::: .::
.::
#Author: Emiliano Febbi (*emilianofebbi.1994@gmail.com*)
#Web Site Creator => ???
#Dork => ???
#CMS => ???
#Vulnz => CSRF/DB overload register.php
#Date => 25/03/2023
#view => https://internetcafe.altervista.org/connect.html
*PoC*
[code]
________________________________________________________________________________________________________
#1 - Steal register form of page register.php => example:(*must be no captcha and does not verify email*)|
_________________________________________________________________________________________________________|
CSRF/DB overload
and save the file *csrf.php*
__________________________________________________________________________________________________________
#2 - Modify file *csrf.php* so: |
__________________________________________________________________________________________________________|
CSRF/DB overload
/*<= add this string*/
and save the file *csrf.php*
___________________________________________________________________________________________________________
#3 - This is a last modify of file *csrf.php*: |
___________________________________________________________________________________________________________|
$str = rand();
$result = md5($str);
?>
CSRF/DB overload
and save the file *csrf.php*
________________________________________________________________________________________________________________
#4 - the *connect.html*: |
Create new file (connect.html) so: |
________________________________________________________________________________________________________________ |
CSRF/DB overload
connect!
connect!
connect!
save so connect.html and finish!
_________________________________________________________________________________________________________________
._________.
*/ ///______I
) . /_(_)
/__/*PoC End*