Exploit Author: emirhanerdogu
https://www.sourcecodester.com/php/16928/sticky-notes-app-using-php-source-code.html
Cross Site Request Forgery vulnerability in Remyandrade Sticky Notes App Using PHP with Source Code v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the add-note.php component.
CVE ID: CVE-2023-47014.
Affected Version: Sticky-Notes V1.0
Vulnerable File: Origin
Parameter Names: -
Attack Type: Local
When the Origin header information is added in the annotation field, the CORS vulnerability does not occur. However, when the CSRF PoC was created and the Burp Collaborator address was added to it, the CORS vulnerability was triggered.
Request and Response:
CSRF PoC:
Exploit: