Liman 0.7 Cross-Site Request Forgery (Change Password) Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2020-10-12 | Type: webapps | Platform: multiple
This exploit / vulnerability, Liman 0.7 Cross-Site Request Forgery (Change Password), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: Liman 0.7 - Cross-Site Request Forgery (Change Password)
# Date: 2020-10-07
# Exploit Author: George Tsimpidas
# Software Link : https://github.com/salihciftci/liman/releases/tag/v0.7
# Version: 0.7
# Tested on: Ubuntu 18.04.5 LTS (Bionic Beaver)
# Category: Webapp
Description:
The Liman application has no CSRF protection. With a little social
engineering (such as sending a link via email or chat), an attacker may
get the victim to click on a malicious link whose purpose is to
manipulate the victim's current account information or to change the
victim's password entirely.