My First CVE-2022–30931

Cross-Site Request Forgery (CSRF) on Open-Source software Employee Leave Management System.

Discovered by : Nitesh Biwal

Vulnerable Version: V 2.1

Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/

Hello, My name is Nitesh Biwal and in this write-up I am going to share my First CVE Id Story.

I was working on an Open-Source software Employee Leave Management System and it was hosted locally on my system through XAMPP Server.

Suddenly I got trigger to hunt on that and I was started looking for the bugs and I found Cross-Site Request Forgery (CSRF).

Bug Description:

Attacker can change the details of any user’s profile like username, phone number etc via Cross-Site Request Forgery (CSRF) attack.

Steps to Reproduce:

1. I have created 2 accounts (Account 1 and Account 2)
2. In Account 1 updated the username and phone number and capture that request into Burp Suite.

3. Right click on the request and clicked on the Generate CSRF PoC from Engagement tools.

4. Copied that HTML code and saved it into the file as .html format.

5. Send that to the Account 2 user and when he open that page and clicked on submit request. BOOM! his profile details has been updated such as username and phone number.

6. Now attacker can reset the password by getting the OTP on his phone number.

I requested for CVE Id for this vulnerability from https://cveform.mitre.org and few weeks later I received mail that my request was approved and this way I got assigned CVE-2022–30931.

Special Thanks to my mentors Rohit Gautam sir and Shifa Cyclewala ma’am

Thank you so much for reading 🙏

My LinkedIn ID: https://www.linkedin.com/in/nitesh-biwal-a414b3157/

My Twitter ID: https://twitter.com/BiwalNitesh