Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-57523 PoC — SourceCodester Packers and Movers Management System 安全漏洞

Source
https://github.com/HackWidMaddy/CVE-2024-57523.
Associated Vulnerability
Title:SourceCodester Packers and Movers Management System 安全漏洞 (CVE-2024-57523)
Description:SourceCodester Packers and Movers Management System是Sourcecodester开源的一个包装工和搬运工管理系统。 SourceCodester Packers and Movers Management System 1.0版本存在安全漏洞,该漏洞源于Users.php包含一个跨站请求伪造漏洞。
Readme
# CVE-2024-57523 - CSRF Vulnerability in Users.php - SourceCodester Packers and Movers Management System 1.0

## Description

This repository contains a Proof of Concept (PoC) for a **Cross-Site Request Forgery (CSRF)** vulnerability in the **Packers and Movers Management System 1.0** by **SourceCodester**. The vulnerability exists in the **Users.php** endpoint, which allows attackers to create unauthorized admin accounts by sending crafted requests to an authenticated admin user.

## Vulnerability Details

- **CVE-2024-57523**
- **Affected Product:** Packers and Movers Management System 1.0
- **Affected Component:** Users.php endpoint
- **Attack Type:** Remote
- **Impact:** Privilege Escalation, Information Disclosure
- **Security Implications:** Exploiting this vulnerability allows attackers to create unauthorized admin accounts, leading to privilege escalation and potential further attacks or data breaches.

## Proof of Concept (PoC)

This repository includes a PoC video, **CVE-2024-57523.mkv**, demonstrating how an attacker can exploit this CSRF vulnerability to create an admin account without proper authorization. The PoC showcases the process of crafting a malicious request that is triggered when an authenticated admin unknowingly visits a crafted page.

## Attack Vectors

- Exploitation requires an authenticated admin user to unknowingly execute a crafted script sent by an attacker.

## Mitigation Recommendations

To mitigate this vulnerability, the following security measures are recommended:

1. **CSRF Protection:** Implement CSRF tokens in all forms that perform state-changing actions (e.g., creating users), ensuring each request is validated with a unique session token.
2. **SameSite Cookies:** Set the `SameSite` attribute on session cookies to restrict their sending to requests originating from the same site, reducing the likelihood of CSRF attacks.
3. **Action Validation:** Introduce additional verification mechanisms, such as confirming high-impact actions like creating admin accounts via prompts or email verification.

## Vendor Information

- **Vendor:** SourceCodester
- **Product URL:** [SourceCodester Packers and Movers Management System](http://sourcecodester.com)

## Affected Versions

- Packers and Movers Management System 1.0

## Discoverer

- **Madhav Shah** - Security Researcher

## References

- [Packers and Movers Management System Official Website](http://packers.com)
- [SourceCodester](http://sourcecodester.com)

---
File Snapshot

 [4.0K]  /data/pocs/376e6e3cf54cb52ce81d90a8e36df8c4d3d0296a
├── [4.9M]  CVE-2024-57523.mkv
└── [2.4K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.