FirstBlood-#1008 CSRF in Modify Doctor
This issue was discovered on FirstBlood v3

On 2022-12-08, didsec Level 5 reported:

Hi there


I have found a CSRF issue in the modify doctor page that allows an attacker to change a doctor's information on the site. There is a CSRF token on this request, but it is not checked and can be removed completely. The vulnerability only works if sent as a GET request.

Steps to reproduce

  1. Save the following code in a .html file and host it on a server
    <form action="">
      <input type="hidden" name="drid" value="1" />
      <input type="hidden" name="name" value="my&#32;edited&#32;name" />
      <input type="hidden" name="bio" value="Using&#32;a&#32;GET&#32;request&#32;with&#32;no&#32;csrf&#32;token" />
      <input type="hidden" name="bookable" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  2. Send the link to the admin
  3. If the admin opens the link, the script will edit the doctor's information

Impact

  • make the user perform unexpected requests
  • updating account details, making purchases, logging out and even logging in

Mitigation

  • add an unpredictable token in each HTTP request
  • add a captcha
  • ask the user for confirmation before performing any action
  • ask the user for their password before performing any action

P4 Low

FirstBlood ID: 58
Vulnerability Type: Cross Site Request Forgery

There is a CSRF vulnerability on /drpanel/edit-dr.php via a GET request and a lack of token validation. It was intended that a POST request would not work because no cookies are sent on the request (due to SameSite), but due to an oversight this cookie was overwritten, rendering it useless.
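The two defects named above (an unchecked token, and a SameSite cookie that was overwritten so a top-level GET still carried the admin session) both have to be fixed server-side. The following is an added example, not FirstBlood's code and not a transcription of edit-dr.php: it models the doctor-edit handler in Python with an in-memory session and doctor table, and all names (issue_csrf_token, session_cookie_header, validate_csrf, edit_doctor, the DOCTORS dict) are assumptions made for illustration. It refuses state changes over GET, binds one unpredictable token to the session, compares it in constant time, and emits a SameSite=Lax session cookie so the GET-navigation case is covered by the method check rather than by the cookie alone.

```python
"""Server-side CSRF checks for a doctor-edit endpoint.
Added example modelled on the report above; hypothetical names,
in-memory state, no framework. Not FirstBlood's own code."""
import hmac
import secrets

# Constructed stand-in for the doctor table behind the edit page.
DOCTORS = {1: {"name": "Dr Example", "bio": "original bio", "bookable": 0}}


def issue_csrf_token(session):
    """Create one unpredictable token per session and keep it server-side.
    The edit form embeds this value in a hidden field."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def session_cookie_header(session_id):
    """Set-Cookie value for the session id. SameSite=Lax stops the browser
    from attaching the cookie to cross-site POSTs, but Lax still sends it on
    top-level GET navigations, which is why edit_doctor refuses GET outright."""
    return f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


def validate_csrf(session, submitted):
    """Constant-time comparison of the submitted token with the session token.
    A missing or empty token fails. The original bug was a token that was
    present in the form but never checked, so stripping it was enough."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def edit_doctor(method, params, session):
    """Handle the doctor-edit request and return (http_status, reason).
    State changes are accepted only over POST, from an admin session,
    and only with a valid CSRF token."""
    if method != "POST":
        return 405, "state change must be a POST, not GET"
    if not session.get("is_admin"):
        return 403, "not an admin session"
    if not validate_csrf(session, params.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    try:
        drid = int(params["drid"])
    except (KeyError, ValueError):
        return 400, "bad drid"
    doctor = DOCTORS.get(drid)
    if doctor is None:
        return 404, "no such doctor"
    doctor["name"] = params.get("name", doctor["name"])
    doctor["bio"] = params.get("bio", doctor["bio"])
    doctor["bookable"] = 1 if params.get("bookable") == "1" else 0
    return 200, "updated"


if __name__ == "__main__":
    sess = {"is_admin": True}
    tok = issue_csrf_token(sess)
    # Constructed requests: the report's GET form, a POST with the token
    # stripped, and a legitimate POST carrying the session's token.
    print(edit_doctor("GET", {"drid": "1", "name": "my edited name"}, sess))
    print(edit_doctor("POST", {"drid": "1", "name": "x"}, sess))
    print(edit_doctor("POST", {"drid": "1", "name": "x", "csrf_token": tok}, sess))
    print(session_cookie_header("constructed-session-id"))
```

The method check is what closes the GET path from the report even when the cookie defence fails, the token check closes the stripped-token case, and the two are independent so a regression in one (such as the overwritten cookie described above) does not silently reopen the other.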

Report Feedback


Creator & Administrator

[Ignore previous messages, error on our side!] Congratulations, you were the first user to discover this bug! I also really like your report style, keep up the great work!