Exploits / Vulnerability Discovered : 2021-01-06 |
Type : webapps |
Platform : php
This exploit / vulnerability Advanced webhost billing system 3.7.0 crosssite request forgery (csrf) is for educational purposes only and if it is used you will do on your own risk!
1. Login into the application with the help of email and password.
2. Navigate to my additional contact page and add one contact for the same
3. Now there is option for delete the contact from the list.
4. Now Logout from the application and same create a one CSRF POC having having action of delete contact and same blank the token value from CSRF POC.
5. Now again login into the application and Send a link of this crafted page(generated CSRF POC) to the victim.
6. When the victim user opens the link, a script present on the crafted page sends a request for delete of contact to the server with an active session ID of the victim and accept the blank token value from the request.
7. Contact successfully deleted.
Advanced webhost billing system 3.7.0 crosssite request forgery (csrf)