Published on August 7th, 2020
Daily Expenses Management System 1.0 Cross Site Request Forgery ≈ Packet Storm
# Exploit Title: Daily Expenses Management System 1.0 - Cross-Site Request Forgery
# Date: 2020-8-5
# Exploit Author: Edo Maland
# Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html
# Software Link: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html
# Version: 1.0
# Tested on: XAMPP / Windows 10
# Vulnerability Details
# Description : Cross-Site Request Forgery leading to persistent Cross-Site Scripting (CSRF to stored XSS)
# POC
An attacker can force the admin to add a product
URL : https://example.com/dets/manage-expense.php
- Feature : Add Expense
# CSRF HTML
Gloss
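
The two mitigations this finding calls for, a session-bound CSRF token on the Add Expense request and HTML-encoding of stored values on output, shown as an added PHP example. It is not code from the advisory or from the application; the field names `item`, `cost` and `csrf_token` and all function names are assumptions.

```php
<?php
// Added example: hypothetical hardening of an "Add Expense" handler.
// Field names (item, cost, csrf_token) are assumptions, not the application's own.
// In a real deployment also set the session cookie with
// session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]).

// Issue one random token per session and embed it in the form as a hidden field.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Constant-time comparison; a missing or non-string token always fails.
function csrf_valid(array $session, array $post): bool {
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Returns [HTTP status, message or accepted item]. Persistence is left to the
// application and should use a prepared statement.
function handle_add_expense(array &$session, array $post): array {
    if (!csrf_valid($session, $post)) {
        return [403, 'CSRF token missing or invalid'];
    }
    $item = trim((string)($post['item'] ?? ''));
    $cost = filter_var($post['cost'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($item === '' || strlen($item) > 100 || $cost === false || $cost < 0) {
        return [400, 'Invalid expense'];
    }
    return [200, $item];
}

// Encode at output time so stored markup is displayed as text, never executed.
function render_item(string $item): string {
    return htmlspecialchars($item, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo input: the same POST body with and without the session token.
$session = [];
$token = csrf_token($session);
$crossSite = ['item' => '<b>lunch</b>', 'cost' => '5'];
$sameSite = $crossSite + ['csrf_token' => $token];

echo handle_add_expense($session, $crossSite)[0], "\n";
[$status, $stored] = handle_add_expense($session, $sameSite);
echo $status, ' ', render_item($stored), "\n";
```

Either control alone is incomplete: the token stops the forged request, while output encoding keeps any markup that does reach the database from rendering as script.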