Published on February 29th, 2020
CandidATS 2.1.0 – Cross-Site Request Forgery (Add Admin)
# Title: CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
# Date: 2020-02-21
# Exploit Author: J3rryBl4nks
# Vendor Homepage: https://sourceforge.net/u/auieo/profile/
# Software Link: https://sourceforge.net/projects/candidats/files/
# Version: 2.1.0
# Tested on: Ubuntu 19/Kali Rolling
# The Candid ATS Web application is vulnerable to CSRF to add a new admin user:
# CSRF Proof of Concept: