Online Shopping Alphaware 1.0 Cross Site Request Forgery ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on August 7th, 2020 📆 | 1857 Views ⚑

0

Online Shopping Alphaware 1.0 Cross Site Request Forgery ≈ Packet Storm

# Exploit Title: Online Shopping Alphaware 1.0 – Cross-Site Request Forgery (Account Takeover)
# Date: 2020-8-4
# Exploit Author: Edo Maland
# Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14368&title=Online+Shopping+Alphaware+in+PHP%2FMysql
# Version: 1.0
# Tested On Windows & Linux Server

# Vulnerability Details
# Description : Account Take over and Edit Profil Customer

# POC

The email and password parameters can be forged to force the password change of another user account.

# CSRF HTML

















Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...