Customer support system 1.0 crosssite request forgery Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-11-11 |
Type : webapps |
Platform : php
This exploit / vulnerability Customer support system 1.0 crosssite request forgery is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Customer Support System 1.0 - Cross-Site Request Forgery (Admin Account Takeover)
# Date: 2020-11-11
# Exploit Author: Ahmed Abbas
# Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14587&title=Customer+Support+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 7.4.4
# Description : Admin Account Takeover
# Vulnerability Details
[+] The username and password parameters can be forged to force the password change of admin user account.