Submit #432501: code-projects Blood Bank Management System 1 Cross-Site Request Forgeryinfo

Titlecode-projects Blood Bank Management System 1 Cross-Site Request Forgery
DescriptionThere is a CSRF vulnerability on this endpoint `file/delete.php?bid=` using the `bid` parameter, a remote user can craft a CSRF attack to delete the available blood samples of a hospital. The parameter is dynamic meaning the attacker may not know the exact bid number, but this can be easily bypassed by using a javascript generated image tag with a lop say 1-100 increasing the chances of deleting the records
Source⚠️ https://github.com/bevennyamande/bloodbank_delete_csrf_attack
User
 0xbeven (UID 76739)
Submission10/27/2024 09:20 PM (2 months ago)
Moderation10/28/2024 07:17 AM (10 hours later)
StatusAccepted
VulDB Entry282008 [code-projects Blood Bank Management System 1.0 /file/delete.php bid cross-site request forgery]
Points19

Might our Artificial Intelligence support you?

Check our Alexa App!