Skip to content

FurqanKhan1/CVE-2019-13497

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
CSRF.PNG
CSRF.PNG
 
 
README.md
README.md
 
 
logged_out.PNG
logged_out.PNG
 
 

Repository files navigation

CVE-2019-13497

Exploit Title: Cross Site Request Forgery (CSRF)
Date: 07/10/2019
Exploit Author: Furqan Khan
Vendor Homepage: https://www.oneidentity.com/
Software Link: https://www.oneidentity.com/products/cloud-access-manager/
Version: 8.1.3
Tested on: Kali Linux , Windows 7 ,Ubantu 16.04

To exploit this vulnerability an attacker can simply create a HTML form that would submit a logout request and share the link with the victim.On clicking the link , the logout request will be triggered in background and it shall logout the victim from his valid session and from the website..

The content of CSRF payload is given as under

injected.jpg

Now when the victim would load / click the attcak link shared , he would get logged out from his session

injected.jpg

Bingo ! That was easy !

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published