PHP Scripts Mall Online Food Ordering Script has Cross-Site Request Forgery [CSRF] (PHP-Script-Mall):[CVE-2019-9062]



Vulnerability Description: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.





How to exploit:

 

1. Go to the Online Food Ordering Script site (http://readymadescript.org/demo/food-ordering-client/).
2. Click on sign up and register using your name, mail, and password.
3. Verify your mail ID.
4. Come back to the Online Food Ordering Script site and log in to your account.
5. Go to My account, then Edit Profile, change the name to anything you like, and click on update.
6. Make sure that the Burp interceptor is on, then capture the data.
7. Generate a CSRF PoC.
8. Copy the code and save it with an .html extension.
9. Exploit CSRF on the Online Food Ordering Script site.
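
The profile update captured above can be replayed from another site because nothing in the request proves it came from the site's own form. As an added example (not from the original post and not the vendor's code; all function and field names are hypothetical), a synchronizer-token check for such a handler looks like this in PHP:

```php
<?php
declare(strict_types=1);

// Hypothetical helper: create (once per session) the token embedded in the form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hypothetical helper: accept a state-changing request only if it is a POST
// carrying the session's token; hash_equals() compares in constant time.
function csrf_valid(array $session, string $method, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($expected) && $expected !== ''
        && is_string($supplied)
        && hash_equals($expected, $supplied);
}

// Hypothetical profile-update handler: returns the HTTP status it would send.
function update_profile(array $session, string $method, array $post): int
{
    if (!csrf_valid($session, $method, $post)) {
        return 403; // reject before any state change
    }
    // The real handler would validate $post['name'] and update the database here.
    return 200;
}

// Constructed demo: in the application $session is $_SESSION and $post is $_POST.
$session = [];
$token = csrf_token($session);

// The form rendered by the site itself carries the token as a hidden field.
$legit = ['name' => 'Alice', 'csrf_token' => $token];
// A cross-site form can set the fields but cannot read the session's token.
$forged = ['name' => 'changed-cross-site'];
$wrong = ['name' => 'x', 'csrf_token' => str_repeat('0', 64)];

printf("legitimate update: %d\n", update_profile($session, 'POST', $legit));
printf("forged update:     %d\n", update_profile($session, 'POST', $forged));
printf("wrong token:       %d\n", update_profile($session, 'POST', $wrong));
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a complementary control, since the browser then withholds the cookie from cross-site POST requests.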
