CVE-2021-26216

Tuhin Bose
Mar 18, 2021


# Exploit Title: SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php
# Date: 15/03/21
# Exploit Author: Tuhin Bose
# Vendor Homepage: https://www.seeddms.org/
# Version: 5.1.x
# CVE : CVE-2021-26216

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php, which allows an attacker to edit the victim's documents. To exploit this vulnerability, the attacker hosts the HTML code on a server they control and sends the link to the victim; the victim's browser then submits the folder-edit request with the victim's own session.

Steps to reproduce:

  1. Visit the edit folder page.
  2. Add one document.
  3. Capture the request using Burp, right-click on the request and choose "Engagement tools" > "Generate CSRF PoC".
  4. Copy the HTML code and save it as csrf.html on your server.
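The root cause is that the folder-edit handler accepts any request carrying the right form fields, with nothing proving the request came from a page the application itself served. The following is an added example (not SeedDMS's own code) of the synchronizer-token check such a finding calls for; the function names, the `csrf_token` form field and the host name are assumptions for illustration.

```php
<?php
// Added example, not SeedDMS code: per-session synchronizer token for a
// state-changing handler such as the folder-edit form. The field name
// 'csrf_token' and the site host are assumptions chosen for this example.
session_start();

// One random token per session, rendered into every state-changing form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// The edit form carries the token as a hidden field; the attacker's page
// cannot read it because of the same-origin policy.
function render_edit_form(int $folderId, string $name): string {
    $tok  = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    $name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="op.EditFolder.php">'
         . '<input type="hidden" name="csrf_token" value="' . $tok . '">'
         . '<input type="hidden" name="folderid" value="' . $folderId . '">'
         . '<input type="text" name="name" value="' . $name . '">'
         . '<button type="submit">Save</button></form>';
}

// True only for a POST whose token matches the session's token and whose
// Origin (or Referer, if Origin is absent) names this site. Fails closed
// when both headers are missing, so a forged cross-site submission is rejected.
function csrf_valid(array $server, array $post, string $expected, string $siteHost): bool {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;                                 // GET must never change state
    }
    $sent = (string)($post['csrf_token'] ?? '');
    if ($sent === '' || !hash_equals($expected, $sent)) {
        return false;                                 // missing or wrong token
    }
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    return parse_url($origin, PHP_URL_HOST) === $siteHost;
}

// Gate the handler before it touches any folder data.
if (!csrf_valid($_SERVER, $_POST, csrf_token(), 'dms.example.internal')) {
    http_response_code(403);
    exit('invalid request token');
}
// ... only now perform the folder update with $_POST['folderid'] and $_POST['name']
```

A token that is merely present but not compared with `hash_equals` against the session copy, or a check that accepts the request when the header is absent, leaves the forgery path open; the same pattern applies to every state-changing `op.*.php` endpoint, not just the folder editor.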
