0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery Vulnerability
# Exploit Title: Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF) # Exploit Author: Rahul Ramakant Singh # Vendor Homepage: https://www.awbs.com/ # Version: 3.7.0 # Tested on Windows Steps: 1. Login into the application with the help of email and password. 2. Navigate to my additional contact page and add one contact for the same 3. Now there is option for delete the contact from the list. 4. Now Logout from the application and same create a one CSRF POC having having action of delete contact and same blank the token value from CSRF POC. 5. Now again login into the application and Send a link of this crafted page(generated CSRF POC) to the victim. 6. When the victim user opens the link, a script present on the crafted page sends a request for delete of contact to the server with an active session ID of the victim and accept the blank token value from the request. 7. Contact successfully deleted. # 0day.today [2024-12-25] #