### Critical Vulnerability Information #### Vulnerability Title - SourceCodester Online Student Clearance System V1.0 /admin/add-admin.php - Cross-Site Request Forgery (CSRF) #### Vulnerability Type - Cross-Site Request Forgery (CSRF) #### Basic Information - Target System: Online Student Clearance System - Source Code Link: [Online Student Clearance System using PHP and MySQL](#) - Project Download Link: [Download Source](#) - Submitter: Clausius Fan #### Vulnerability Description The target system is vulnerable to Cross-Site Request Forgery (CSRF) attacks. It does not validate the origin of sensitive requests or verify CSRF tokens. This allows attackers to craft malicious web pages that can trigger authenticated users to perform unauthorized actions, potentially disrupting the system's business logic. #### Proof of Concept 1. **Create CSRF Exploit Page**: Save the following code as `test.html`. 2. **Load PoC**: Open `test.html` in any browser. 3. **Observe Response**: After submitting the request, the system returns the execution result, confirming acceptance of the forged request. #### Test Results - **Observation**: The server processes the forged request without validating the origin or requiring a CSRF token. - **Browser Compatibility**: The exploit works across multiple browsers (tested on Chrome, Safari, and Edge). #### Impact - **Lack of Validation**: The server does not check `Referer` or `Origin` headers and does not require CSRF tokens. - **Attack Scenarios**: - Attackers can create malicious pages to trick users into performing unauthorized actions, such as triggering search requests or modifying user data. - If extended to sensitive operations (e.g., payments or privilege escalation), the impact could be severe. #### Mitigation Strategy 1. Implement CSRF tokens. 2. Validate request origin. 3. Set appropriate cookie attributes. 4. Restrict sensitive operations.