Front accounting erp 2.4.3 crosssite request forgery Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2018-02-16 |
Type : webapps |
Platform : php
This exploit / vulnerability Front accounting erp 2.4.3 crosssite request forgery is for educational purposes only and if it is used you will do on your own risk!
The application source code is coded in a way which allows malicious
crafted HTML page to be executed directly without any anti csrf
countermeasures.
2. Proof of Concept
1. Visit the application
2. Visit the User Permissions Page.
3. Goto add user, and create a csrf crafted exploit for the same ,
upon hosting it on a server and sending the link to click by victim, it
gets exploited.
Proof of Concept
Steps to Reproduce:
1. Create an HTML Page with the below exploit code:
-->