Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-10008.
AI-analyzed exploit summary
The exploit demonstrates multiple stored XSS and CSRF vulnerabilities in Stark CRM v1.0. It includes functional HTML forms and HTTP requests that exploit these vulnerabilities by injecting malicious scripts and performing unauthorized actions.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page.