
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions [CVE-2019-9604]



Vulnerability Description => Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.







↓ ↓ ↓ ↓ How to Exploit ↓ ↓ ↓ ↓





1. Go to the Online Lottery PHP Readymade Script site [http://74.124.215.220/~clienemo/demo/lottery]

2. Click on Sign Up and register a new account.

3. Verify your email address.

4. Return to the Online Lottery PHP Readymade Script site and log in to your account.

5. Go to My Profile, then Edit Profile, change the name as you like and click Save Changes.

6. Make sure the Burp interceptor is on, then capture the request.

7. Generate a CSRF PoC.

8. Copy the code and save it with an .html extension.

9. Exploit CSRF on the Online Lottery PHP Readymade Script site.
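The forged request succeeds because nothing ties the submitted Edit Profile form to the victim's own session. As an added example (not code from the original post or from the vendor's script), this is the synchronizer-token pattern for such a handler in PHP; the file name edit_profile.php and the field names are assumptions for illustration.

```php
<?php
// Added example, not part of the original post or the vendor's script.
// Defence in depth: a SameSite session cookie (PHP 7.3+) keeps the browser
// from attaching the session to most cross-site form posts in the first place.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

function csrf_token(): string {
    // One unguessable token per session: 32 random bytes, hex encoded.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_check(?string $submitted): bool {
    // Reject a missing token; compare in constant time to avoid timing leaks.
    if (empty($_SESSION['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        // A cross-site page cannot read the token, so a forged post lands here.
        http_response_code(403);
        exit('Invalid CSRF token: profile not updated.');
    }
    // Token valid: apply the profile change (database update omitted here).
    $name = trim($_POST['name'] ?? '');
}
?>
<!-- Hypothetical Edit Profile form; the hidden field carries the token. -->
<form method="post" action="edit_profile.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <label>Name <input type="text" name="name"></label>
  <button type="submit">Save Changes</button>
</form>
```

With this in place, the generated PoC page from step 7 is answered with a 403 instead of a renamed profile, which is also the request a server-side log should flag: a POST to the profile handler with a missing or mismatched token.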
