============================================================================================================================================= | # Title : Aero CMS v0.0.1 CSRF Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) | | # Vendor : https://codeload.github.com/MegaTKC/AeroCMS/zip/refs/heads/master | ============================================================================================================================================= poc : [+] Dorking İn Google Or Other Search Enggine. [+] The following html code create a new admin . [+] Go to the line 9. [+] Set the target site link Save changes and apply . [+] infected file : admin/users.php?source=add_user [+] save code as poc.html . Greetings to :============================================================ jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr | ==========================================================================