This exploit demonstrates multiple CSRF vulnerabilities in phpATM <= 1.32, allowing arbitrary file writes, privilege escalation, and file deletion via crafted HTML forms. It also includes a full path disclosure vulnerability.
Classification
Working Poc 90%
Attack Type
Xss | Auth Bypass | Info Leak
Complexity
Trivial
Reliability
Reliable
Target:phpATM <= 1.32
No auth needed
Prerequisites:Victim must be authenticated as an administrator · Victim must visit a malicious page or click a malicious link