Changing the value of the bookisbn parameter while holding an admin session will delete the book with that ISBN.
A remote attacker can embed the request into an innocent-looking hyperlink:
The attacker entices the admin to visit the malicious site. When the admin's browser loads that page, JavaScript triggers the link automatically; because the browser attaches the admin's session cookie to the request, admin_delete.php treats it as a legitimate admin action and the book is deleted.
Author
KhanhCM (@khanhchauminh)
Version: 1.0
Details
The GET request for deleting a book with ISBN=12345 looks like this:
Changing the bookisbn parameter while holding an admin session deletes the book with that ISBN, and because the action is a plain GET with no request-specific secret, a remote attacker can embed the same request in an innocent-looking hyperlink:
Steps to reproduce
PoC:
Response in Burp Suite
Source code review
admin_delete.php
Remediation
Implement an anti-CSRF token: issue a random per-session token, embed it as a hidden field in the admin's delete form, and have admin_delete.php reject any request whose token does not match. Accept the delete action only over POST, since the GET URL in this report can be triggered by a bare hyperlink or an image tag.
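As an added example (not the reporter's PoC and not the project's own code), here is the vulnerable GET handler sketched in the Details section beside a hardened admin_delete.php that implements the anti-CSRF token recommended above. The helper names is_admin() and delete_book_by_isbn(), the session field names and the numeric-only ISBN check are assumptions; the application's real functions will differ.

```php
<?php
// Added example, not the project's code: vulnerable delete handler beside a
// hardened one protected by a per-session anti-CSRF token.
// Hypothetical helpers: is_admin(), delete_book_by_isbn(); session keys assumed.
declare(strict_types=1);
session_start();

// --- Vulnerable pattern (as described in the report) --------------------
// Any cross-site request carrying the admin's session cookie deletes the
// book; nothing ties the request to a page the admin actually loaded.
function vulnerable_delete(): void
{
    if (isset($_GET['bookisbn']) && is_admin()) {
        delete_book_by_isbn((string) $_GET['bookisbn']);
    }
}

// --- Token issuance ------------------------------------------------------
// One random token per session, embedded in every admin form as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input carrying the token; only a form served to the logged-in admin
// contains a value that will verify.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// The admin page renders the delete form with the token embedded.
function delete_form_html(string $isbn): string
{
    $safeIsbn = htmlspecialchars($isbn, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="admin_delete.php">'
        . '<input type="hidden" name="bookisbn" value="' . $safeIsbn . '">'
        . csrf_field()
        . '<button type="submit">Delete</button></form>';
}

// --- Token verification --------------------------------------------------
// hash_equals() compares in constant time; a missing or wrong token fails closed.
function csrf_verify(?string $submitted): bool
{
    if (empty($_SESSION['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// --- Hardened handler ----------------------------------------------------
function hardened_delete(): void
{
    // State-changing actions only over POST; the GET URL from the report stops working.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('Method Not Allowed');
    }
    if (!is_admin()) {
        http_response_code(403);
        exit('Forbidden');
    }
    // An attacker's page cannot read the token out of the admin's session, so a
    // forged cross-site POST arrives without it (or with a stale one) and is rejected.
    if (!csrf_verify($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $isbn = (string) ($_POST['bookisbn'] ?? '');
    if (!preg_match('/^\d+$/', $isbn)) {   // assumed: ISBNs here are digits only
        http_response_code(400);
        exit('Bad ISBN');
    }
    delete_book_by_isbn($isbn);
    // Rotate the token after use so a token that leaks cannot be replayed.
    unset($_SESSION['csrf_token']);
}

// Hypothetical stand-ins for the application's own session check and data layer.
function is_admin(): bool { return !empty($_SESSION['is_admin']); }
function delete_book_by_isbn(string $isbn): void { /* DELETE FROM books WHERE isbn = ? */ }

hardened_delete();
```

Rejecting GET on its own is not a fix: an attacker's page can auto-submit a cross-site POST form just as easily, which is why the token check is the part that matters. As defence in depth, mark the session cookie SameSite=Lax (for example via session_set_cookie_params(['samesite' => 'Lax']) before session_start()) so the browser omits it on cross-site POSTs even in clients that reach an unprotected endpoint.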