Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-56924. PoCs published by ipratheep.
AI-analyzed exploit summary This repository provides a detailed writeup and video PoC for CVE-2024-56924, a CSRF vulnerability in astro Internet Banking System version 2.0.0. It describes how an attacker can craft a malicious HTML page to perform unauthorized actions on behalf of authenticated users.
Description
A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts.
Exploits (1)
This repository provides a detailed writeup and video PoC for CVE-2024-56924, a CSRF vulnerability in astro Internet Banking System version 2.0.0. It describes how an attacker can craft a malicious HTML page to perform unauthorized actions on behalf of authenticated users.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N