GetSimpleCMS v3.3.13 allows CSRF to change the administrator account's password. in admin/settings.php #1295
Comments
You have to know the administrator's account name. |
I can change your username in my POC package, in the user section, even without your administrator's account. I can also change it. |
With the nonce... |
CSRF (cross-site request forgery): because the target site has no token/Referer restrictions, the attacker can complete the operation as a user to achieve various purposes. You can add token verification, or Referer header checking, or add a verification code. After all, there is no harm in it.
There already is a nonce; it's in your PoC, and it is why your PoC will always fail.
Refs: I thought we had a milestone for CSRF referrer checking and CORS somewhere.
CVE-2018-17103 has been assigned for this issue. |
I am tempted to close this and ignore it; it requires priv escalation and a nonce.
Mitigation
GetSimpleCMS v3.3.13 allows CSRF to change the administrator account's password.
After the administrator logs in, open the PoC, and the administrator account's password will be changed to 456789.
POC: