CVE-2018-11501-Website Seller Script – 2.0.5 -has CSRF

***********************************************
# Exploit Title: Website Seller Script – 2.0.5 -has CSRF
# Date: 09.08.2018
# Site Titel : BUSINESS SALE
# Vendor Homepage: https://www.phpscriptsmall.com/
# Vendor Product : https://www.phpscriptsmall.com/product/website-seller-script/
# Product Link: http://www.officialwebsiteforsale.com/
# Category: Web Application
# Version: 2.0.5
# Exploit Author: Vikas Chaudhary
# Contact: https://gkaim.com/contact-us/
# Web: https://gkaim.com/
# Published on :-
# Tested on: Windows 10 -Firefox
# CVE-CVE-2018-11501.

**********************************************
# VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide range of innovative .
PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record in
completion and implementation of numerous projects in various verticals and domains..
It has 300 plus PHP scripts ready to buy.

# DESCRIPTION :- The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
The issue is triggered when an unauthorized input passed via multiple POST and GET parameters are not properly sanitized
before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context
of an affected site.

*******************************************

Proof of Concept:-
1-Open Burp Suite and make Intercept on .
2- Go to Vendor Product Link => Select User Demo
3- Create an account and verify it using your mail id (Choose User Type =>Buyer )
4- Come back to site and loged in
5- Go to Dashboard => MyAccount => Edit Profile
6- Fill the form as you want and Save it
7- Burp will capture the data – Generate CSRF POC -and send it to Target.

Comment Please