Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-33409 PoC — miniCal 跨站请求伪造漏洞

Source
https://github.com/Thirukrishnan/CVE-2023-33409
Associated Vulnerability
Title:miniCal 跨站请求伪造漏洞 (CVE-2023-33409)
Description:Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.
Readme
# CVE-2023-33409

Minical 1.0.0 is vulnerable to Cross-Site Request Forgery.

Vendor:       <https://github.com/minical/minical>

Demo Application: <https://demo.minical.io/>

***

## PoC

The application does not have any CSRF protection, hence a specially crafted HTTP request can be used to, 

- Add New User 
- Delete Existing User
- Edit the existing User’s Email Address and other sensitive information.

The payloads for different attacks can be generated using the Generate CSRF POC tool in BurpSuite.

Example:

Add New User:

![image](https://github.com/Thirukrishnan/CVE-2023-33409./assets/63901950/91c6a17a-b826-4f8b-877a-1094cb25f6a6)
File Snapshot

 [4.0K]  /data/pocs/d57943bc120be76d7b602fa2dbdeba8c7918f7e8
└── [ 652]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →