Stock Management System 1.0 Cross Site Request Forgery ≈ Packet Storm – Digitalmunition





Published on August 4th, 2020


Stock Management System 1.0 Cross Site Request Forgery
Posted Aug 3, 2020
Authored by Bobby Cooke

Stock Management System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 3c5b73ade86e8add863d011533c5b13b
# Exploit Title: Stock Management System v1.0 - Cross-Site Request Forgery (Change Username)
# Exploit Author: Bobby Cooke
# Date: 2020-08-01
# Vendor Homepage: https://www.sourcecodester.com/php/14366/stock-management-system-php.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/Warren%20Daloyan/stock.zip
# Version: 1.0
# CWE-352: Cross-Site Request Forgery (CSRF)
# CVSS Base Score: 5.9 | Impact Subscore: 4.2 | Exploitability Subscore: 1.6
# CVSS v3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
# Tested On: Windows 10 Pro + XAMPP | Python 2.7
# Vulnerability Description:
# Cross-Site Request Forgery (CSRF) vulnerability in the 'changeUsername.php' webpage of SourceCodester's
# Stock Management System v1.0 allows remote attackers to deny future logins by changing the
# authenticated victim's username when they visit a third-party site.
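
A mitigation sketch for the username-change endpoint described above, added here as an example and not taken from the Stock Management System source. The form field names (`username`, `csrf_token`), the session key `userId`, the `users` table layout and the database credentials are assumptions.

```php
<?php
// Added example, not code from Stock Management System. Form field names,
// the session key 'userId' and the users table layout are assumptions.

// Issue one random token per session. The change-username form embeds it as:
// <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_valid($submitted): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

// Returns the HTTP status code the endpoint should send.
function change_username(PDO $db, string $method, array $post): int {
    if (empty($_SESSION['userId'])) {
        return 401;                       // no authenticated session
    }
    if ($method !== 'POST') {
        return 405;                       // never change state on GET
    }
    if (!csrf_valid($post['csrf_token'] ?? null)) {
        return 403;                       // request did not come from our form
    }
    $name = $post['username'] ?? '';
    if (!is_string($name) || trim($name) === '') {
        return 400;
    }
    // Hypothetical schema: users(user_id, username).
    $stmt = $db->prepare('UPDATE users SET username = ? WHERE user_id = ?');
    $stmt->execute([trim($name), $_SESSION['userId']]);
    return 200;
}

// Endpoint wiring. SameSite=Lax keeps the session cookie off cross-site POSTs,
// as a second layer behind the token check.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();
$db = new PDO('mysql:host=localhost;dbname=stock', 'DB_USER', 'DB_PASSWORD'); // placeholders
http_response_code(change_username($db, $_SERVER['REQUEST_METHOD'], $_POST));
```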









