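<?php
/**
 * Manual CSRF test page for Dolibarr (htdocs/public/test/test_csrf.php).
 *
 * The page deliberately switches off the login, anti-CSRF token and token
 * renewal checks for ITSELF (NOLOGIN / NOCSRFCHECK / NOTOKENRENEWAL) so it can
 * be opened from an unauthenticated origin ("server A") and fire requests at a
 * target instance ("server B"). The protection under test is the TARGET's
 * anti-CSRF check, not this page's.
 *
 * The only access guard is $dolibarr_main_prod below: an installation that is
 * not flagged as production serves this page to anyone. Do not ship the
 * htdocs/public/test/ directory on a deployed instance.
 */

//define("NOLOGIN",1); // This means this output page does not require to be logged.
//if (!defined('NOREQUIREUSER')) define('NOREQUIREUSER', '1');
//if (!defined('NOREQUIREDB')) define('NOREQUIREDB', '1');
if (!defined('NOREQUIRESOC')) {
	define('NOREQUIRESOC', '1');
}
//if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1');
if (!defined('NOSTYLECHECK')) {
	define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
}
if (!defined('NOCSRFCHECK')) {
	define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test
}
if (!defined('NOTOKENRENEWAL')) {
	define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
}
//if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
//if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
//if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
if (!defined("NOLOGIN")) {
	define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
}

require '../../main.inc.php';

// Security: never expose this page on a production instance.
// accessforbidden() is expected to end the request itself; the explicit exit
// guarantees nothing below is rendered even if it ever returns.
if (!empty($dolibarr_main_prod)) {
	accessforbidden();
	exit;
}

/*
 * View
 */

// Targets on "server B". Edit these two lines to point at the instance under
// test. They are hard-coded on purpose (taking them from the request would make
// this page an open redirector) and are still HTML-escaped on output, so a
// future change that does read them from a parameter does not become a
// reflected XSS.
$urltosendrequest = "http://127.0.0.1/dolibarr/htdocs/user/group/card.php";
$urltologout = "http://localhostgit/dolibarr_dev/htdocs/user/logout.php";
?>
This is a form to test if a CSRF exists into a Dolibarr page.<br>
<br>
- Change url to send request to into this file (URL to a hard coded page on a server B)<br>
- Open this form into a virtual server A.<br>
- Send the request to the virtual server B by clicking submit.<br>
- Check that Anticsrf protection is triggered.<br>
<br>
<?php
print 'urltosendrequest = '.htmlspecialchars($urltosendrequest, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'<br><br>';
?>
Test post
<!-- No "token" field is sent on purpose: the target is expected to reject this
     POST. Uncomment the hidden input to send a bogus token instead of none. -->
<form method="POST" action="<?php echo htmlspecialchars($urltosendrequest, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" target="_blank">
	<!-- <input type="hidden" name="token" value="123456789"> -->
	<input type="text" name="action" value="add">
	<input type="text" name="nom" value="New group test">
	<input type="submit" name="submit" value="Submit">
</form>

Test logout
<!-- GET-based variant: checks whether merely loading a page is enough to log the
     victim out (token-less GET to logout.php). The nested <html>/<body> wrapper
     of the original pasted PoC was dropped: output has already started above. -->
<script>
	// Rewrites the displayed URL to "/" so the address bar does not reveal
	// the test page path (same trick a real malicious page would use).
	history.pushState('', '', '/');
</script>
<form id="logoutform" action="<?php echo htmlspecialchars($urltologout, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" target="_blank">
	<input type="submit" value="Submit request" />
</form>
<script>
	// Auto-fire the logout request on load, as a malicious page would.
	// Select the form by id: document.forms[0] is the "Test post" form above,
	// so the previous forms[0].submit() fired the wrong request.
	// target="_blank" keeps this page usable for the POST test afterwards.
	document.getElementById('logoutform').submit();
</script>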