Exploit / Vulnerability Discovered: 2018-08-06
Type: webapps
Platform: php
This exploit / vulnerability, Onarcade 2.4.2 cross-site request forgery (add admin), is for educational purposes only; if it is used, you do so at your own risk!
The application is vulnerable to a CSRF attack (no CSRF token in place), meaning that if an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering).
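The control reported missing above, as an added example that is not Onarcade's code: a session-bound token issued with the form and verified before a privileged change is made. The function names, the `csrf_token` field and the `create_admin_user()` call are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration. Helper, field and handler names are hypothetical.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $_SESSION['csrf_token'];
}

/** True only for a POST that carries the token bound to this session. */
function csrf_request_is_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // state changes must not be reachable through a plain URL
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false; // no token issued, or array-typed input (csrf_token[]=x)
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Defence in depth: keep the session cookie off cross-site subrequests (PHP >= 7.3).
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'GET') {
    // Render the (hypothetical) add-admin form with the token embedded.
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post">'
       . '<input type="hidden" name="csrf_token" value="' . $t . '">'
       . '<input name="username"><button>Add admin</button></form>';
    exit;
}

if (!csrf_request_is_valid($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}

// Token verified: only now perform the privileged change.
// create_admin_user($_POST['username']); // hypothetical application function
```

A request triggered from another site cannot read the victim's session token, so it fails the check and receives a 403 instead of creating an account.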