Open devansh3008 opened 2 years ago
1.) Navigate to the about section and confirm ICEHRM CMS Version.
2.) Now log in to the application and go to Users.
3.) After this, add a user with the name Devansh.
4.) Now try to delete the user and intercept the request in Burp Suite. We can see no CSRF token in the request.
5.) Go to any CSRF PoC generator: https://security.love/CSRF-PoC-Genorator/
6.) Now generate a CSRF PoC for the POST-based request with the necessary parameters.
7.) Finally, open that HTML PoC and execute it in the same browser session.
8.) Now if we refresh the page, the user Devansh is deleted due to the CSRF vulnerability.
@gamonoid Please help me with fixing of the issue.
@thilinah could you help me fix this? There are multiple CSRF issues I have found. Could you help me fix this, so that I can report the others as well?
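As an added illustration (not IceHrm's own code), the Python sketch below contrasts the reported delete handler, which trusts the session cookie alone, with one that also requires a per-session synchronizer token; the user table, handler names and form field names are constructed for this example.

```python
"""Synchronizer-token check for a state-changing request (user delete)."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session; the browser only holds the cookie that names it."""
    user: str
    # Per-session random token, rendered into the application's own forms only.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


def seed_users():
    """Constructed sample user table mirroring the report (admin plus 'Devansh')."""
    return {"admin": {"role": "admin"}, "Devansh": {"role": "employee"}}


def delete_user_unprotected(session, users, form):
    """Reported behaviour: the only check is that a logged-in session exists,
    and the victim's browser attaches that session cookie to a cross-site POST."""
    if session is None:
        return 401
    users.pop(form.get("username", ""), None)
    return 200


def delete_user_protected(session, users, form):
    """Fixed handler: the POST must also carry the token bound to this session."""
    if session is None:
        return 401
    supplied = form.get("csrf_token", "")
    # Constant-time compare; a missing or wrong token is rejected before any change.
    if not hmac.compare_digest(supplied, session.csrf_token):
        return 403
    users.pop(form.get("username", ""), None)
    return 200


def simulate():
    """Replay the report: a forged POST naming the victim, with and without the fix."""
    session = Session(user="admin")
    forged = {"username": "Devansh"}  # a third-party page cannot read csrf_token, so it is absent
    legit = {"username": "Devansh", "csrf_token": session.csrf_token}
    weak = seed_users()
    weak_status = delete_user_unprotected(session, weak, forged)
    fixed = seed_users()
    forged_status = delete_user_protected(session, fixed, forged)
    survived = "Devansh" in fixed  # still present after the forged request
    legit_status = delete_user_protected(session, fixed, legit)
    return {"weak": (weak_status, "Devansh" in weak),
            "fixed_forged": (forged_status, survived),
            "fixed_legit": (legit_status, "Devansh" in fixed)}
```

Running `simulate()` shows the unprotected handler honouring the forged request (200, user gone) while the protected one returns 403 and keeps the user until the application's own form, carrying the token, submits the delete.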