CVE-2024-56901

This exploit demonstrates a CSRF vulnerability in GeoVision GV-ASManager 6.1.1.0 or earlier, allowing attackers to create an admin account via a crafted GET request. The PoC includes a malicious HTML form that submits a request to the target application, leveraging the vulnerability to create a new administrator account.

This repository provides a detailed technical analysis of CVE-2024-56903, a vulnerability in Geovision GV-ASManager that allows attackers to modify POST requests to GET, enabling CSRF attacks when chained with CVE-2024-56901. The writeup includes step-by-step exploitation details and screenshots.

This repository contains a working PoC for CVE-2024-56901, a CSRF vulnerability in Geovision GV-ASManager v6.1.1.0 or less. The exploit demonstrates how an attacker can create an admin account via a crafted GET request, leveraging CVE-2024-56903 to change the request method from POST to GET.