emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS


CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS

Exploit Author: emirhanerdogu

Vendor Homepage

https://www.sourcecodester.com/php/16928/sticky-notes-app-using-php-source-code.html

Software Link

https://www.sourcecodester.com/download-code?nid=16928&title=Sticky+Notes+App+Using+PHP+with+Source+Code

Overview

Cross Site Request Forgery vulnerability in Remyandrade Sticky Notes App Using PHP with Source Code v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the add-note.php component.

Vulnerability Details

CVE ID: CVE-2023-47014
Affected Version: Sticky-Notes V1.0
Vulnerable File: Origin
Parameter Names: -
Attack Type: Local

Description

When the Origin header information is added in the annotation field, the CORS vulnerability does not occur. However, when the CSRF PoC was created and the Burp Collaborator address was added to it, the CORS vulnerability was triggered.

Proof of Concept (PoC):

Request and Response:

image

CSRF PoC:

image

image

Exploit:

image
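
Mitigation sketch (an added example, not code from this repository or from the Sticky Notes application): a guard that a state-changing endpoint such as add-note.php could run before processing a request, combining an Origin allowlist with a per-session CSRF token and never reflecting the request Origin in a CORS header. The allowlisted origin, the `csrf_token` field name and the function names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical guard for a state-changing endpoint such as add-note.php.
// ALLOWED_ORIGINS, the "csrf_token" field and all function names are assumptions.
declare(strict_types=1);

const ALLOWED_ORIGINS = ['https://notes.example.test']; // placeholder origin

function csrf_token(): string
{
    // One random token per session; embed it in every form as a hidden field.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function origin_allowed(array $server): bool
{
    // Browsers send Origin on cross-site POSTs; fall back to Referer if it is absent.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $parts = $source === '' ? false : parse_url($source);
    if (!isset($parts['scheme'], $parts['host'])) {
        return false; // missing, "null" or malformed source: reject
    }
    $origin = $parts['scheme'] . '://' . $parts['host']
        . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return in_array($origin, ALLOWED_ORIGINS, true);
}

function guard_state_change(): void
{
    // SameSite keeps the session cookie off cross-site form posts in modern browsers.
    session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
    session_start();
    $sent = $_POST['csrf_token'] ?? '';
    $ok = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
        && origin_allowed($_SERVER)
        && is_string($sent)
        && hash_equals(csrf_token(), $sent); // constant-time comparison
    if (!$ok) {
        http_response_code(403);
        exit('Request rejected');
    }
    // No Access-Control-Allow-Origin header is sent, so the request Origin is never echoed back.
}

guard_state_change();
// The endpoint's own note-handling logic would follow here.
```

The form that posts to the endpoint has to include the value of `csrf_token()` as a hidden field named `csrf_token` for legitimate submissions to pass.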
