PHP Scripts Mall Online Food Ordering Script has Cross-Site Request Forgery [CSRF] (PHP-Script-Mall):[CVE-2019-9062]



Vulnerability Description: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.





How to exploit:

 

1. Go to the Online Food Ordering Script site (http://readymadescript.org/demo/food-ordering-client/).

2. Click on sign up and register using your name, email address, and password.

3. Verify your email address.

4. Return to the Online Food Ordering Script site and log in to your account.

5. Go to My account, then Edit Profile, change the name as you like, and click Update.

6. Make sure Burp's intercept is on, then capture the request.

7. Generate a CSRF PoC.

8. Copy the code and save it with an .html extension.

9. Exploit the CSRF on the Online Food Ordering Script site.
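A forged form like the one saved in step 8 only works when the state-changing request carries nothing a third-party page cannot supply. The PHP sketch below is an added example, not code from the Online Food Ordering Script or its vendor; it shows an edit-profile handler that rejects such a request with a per-session token. The field names `csrf_token` and `name`, the session key `user_id` and the helper `update_profile_name()` are assumptions.

```php
<?php
// Added example: hypothetical edit-profile endpoint protected by a per-session CSRF token.

// SameSite=Lax keeps the session cookie off cross-site POSTs in browsers that honour it
// (array form of session_set_cookie_params requires PHP 7.3+).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

/** Return the session's CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of the submitted token with the session's token. */
function csrf_token_is_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // Reject missing tokens, non-string input (e.g. csrf_token[]=x) and an unset session token.
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    $name = is_string($_POST['name'] ?? null) ? trim($_POST['name']) : '';
    // update_profile_name() is a hypothetical stand-in for the application's own DB update:
    // update_profile_name((int) $_SESSION['user_id'], $name);
    exit('Profile updated');
}
?>
<form method="post">
  <!-- The token is rendered only into pages served to the logged-in user's own session. -->
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="text" name="name">
  <button type="submit">Update</button>
</form>
```

With this check in place, a request submitted from a page on another origin is answered with 403, because that page cannot read the token stored in the victim's session.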
