CZS CMS 1.3.0 Cross Site Request Forgery
CZS CMS version 1.3.0 suffers from a cross site request forgery vulnerability. Exploit Title: CZS CMS 1.3.0 - Cross Site Request Forgery CSRF Add Admin Date: 2024-05-03 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cszcms.com Software Link:...
Smart Forms < 2.6.94 - Edit Entries via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. CSRF PoC CSRF PoC input type="hidden" name="elementOptions"...
Mars: Stored XSS + CSRF in "apellido" value
A stored cross-site scripting and cross-site request forgery vulnerability was discovered in the "apellido" value of a user profile updating form, allowing unauthorized changes to be made to user accounts...
Online Employee Leave Management System 1.0 Cross Site Request Forgery Vulnerability
Exploit Title: Online Employee Leave Management System 1.0 - Cross-Site Request Forgery addemployee.php Exploit Author: Amolo Hunters Software Link: https://www.sourcecodester.com/php/15374/online-employee-leave-management-system-php-free-source-code.html Version: 1.0 Tested on: Linux Title:...
ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion Vulnerability
Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE: CVE-2022-26588 1. About...
ICEHRM 31.0.0.0S Cross Site Request Forgery
Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Takeover Date: 18/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 1. About -...
Exploit for Cross-Site Request Forgery (CSRF) in Irz Ru21_Firmware
ez-iRZ Exploit for CVE-2022-27226 Cross Site Request Forgery...
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
Exploit Title: Rukovoditel 2.6.1 - Cross-Site Request Forgery Change password Date: 2020-12-14 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 Tested on: Kali Linux...
EgavilanMedia User Registration And Login System With Admin Panel 1.0 CSRF
Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF Date: 01-12-2020 Exploit Author: Hardik Solanki Vendor Homepage: http://egavilanmedia.com Software Link:...
Logitech: One Click Account takeover using OAuth CSRF bypass by adding Null byte %00 in state parameter on www.streamlabs.com
Summary Hello Team I have found a bypass to this report. 1039749 Steps To Reproduce: 1. Login to attacker's account and go to settings -- account settings. 2. Intercept the request in burp suite and click on merge twitch account. 3. Allow twitch access and once you see a get request in burp...
U.S. Dept Of Defense: POST based RXSS on https://█████ via frm_email parameter
Good Afternoon DoD team, Summary: I have discovered that on the following domain https://███████ there is a Post-Based reflected XSS vulnerability which I can trigger with CSRF and Clickjacking due to unsanitized input inside the frm_email parameter Description The vulnerable path is: https://███ CS...
Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Maian Support Helpdesk 4.3 - Cross-Site Request Forgery Add Admin Author: Besim ALTINOK Vendor Homepage: https://www.maiansupport.com Software Link: https://www.maiansupport.com/zip.html Version: v4.3 Tested on: Xampp Credit:...
Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Edimax EW-7438RPn - Cross-Site Request Forgery MAC Filtering Exploit Author: Besim ALTINOK Vendor Homepage:...
HackerOne: Login CSRF vulnerability on hackerone.com
Summary Hi. We found a CSRF token bypass on the Hacker One login page. So, this report describes Hacker One login CSRF Token Bypass. Exploitation process Hacker One uses the authenticitytoken token during login to prevent CSRF. However, the authenticitytoken token is not properly verified, so an...
SOPlanning 1.45 - Cross-Site Request Forgery (Add User) Vulnerability
Exploit for php platform in category web applications Exploit Title: SOPlanning 1.45 - Cross-Site Request Forgery Add User Exploit Author: J3rryBl4nks Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested o...
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
SOPlanning 1.45 - Cross-Site Request Forgery Add User Exploit Title: SOPlanning 1.45 - Cross-Site Request Forgery Add User Date: 2020-02-14 Exploit Author: J3rryBl4nks Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/...
SOPlanning 1.45 Cross Site Request Forgery
Exploit Title: SOPlanning 1.45 - Cross-Site Request Forgery Add User Date: 2020-02-14 Exploit Author: J3rryBl4nks Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on Windows 10/Kali Rolling The...
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery Add Admin Exploit Title: XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-19 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery Add Admin Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
RISE Ultimate Project Manager 2.3 Cross Site Request Forgery
Exploit Title: RISE - Ultimate Project Manager v2.3 - Cross-Site Request Forgery Add Admin Date: 11-11-2019 Exploit Author: Ismail Tasdelen Vendor Homepage: http://fairsketch.com/ Software Link : https://codecanyon.net/item/rise-ultimate-project-manager/15455641 Software : RISE - Ultimate Project...