Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Online Examination System Project 1.0 - Cross-site request forgery (CSRF)

🗓️ 13 Jun 2023 00:00:00Reported by Ramil MustafayevType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 301 Views

Online Examination System <=1.0 CSRF vulnerability allows unauthorized account deletio

Code
# Exploit Title: Online Examination System Project 1.0 - Cross-site request forgery (CSRF)
# Google Dork: n/a
# Date: 09/06/2023
# Exploit Author: Ramil Mustafayev (kryptohaker)
# Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php
# Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip
# Version: 1.0
# Tested on: Windows 10, XAMPP for Windows 8.0.28 / PHP 8.0.28
# CVE : n/a

Online Examination System Project <=1.0 versions (PHP/MYSQL) are vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin’s consent. This is possible because the application uses GET requests to perform account deletion and does not implement any CSRF protection mechanism. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in loss of data.

To exploit this vulnerability, an attacker needs to do the following:

1. Identify the URL of the target application where Online Examination System Project is installed. For example, http://example.com/
2. Identify the email address of a user account that the attacker wants to delete. For example, [email protected]
3. Create an HTML page that contains a hidden form with the target URL and the user email as parameters. For example:

<html>
  <body>
    <form action="http://example.com/update.php" method="GET">
      <input type="hidden" name="demail" value="[email protected]" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

4. Host the HTML page on a server that is accessible by the admin user of the target application. For example, http://attacker.com/poc.html
5. Send the URL of the HTML page to the admin user via email, social media, or any other means.

If the admin user visits the URL of the HTML page, the script will submit the form and delete the user account associated with the email address from the database without the admin’s consent or knowledge.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Jun 2023 00:00Current
7.4High risk
Vulners AI Score7.4
vulnerable php/mysqlcross-site request forgeryadmin account deletion
301