
CSRF Vulnerability v1.6 #15

Closed
zxc7528064 opened this issue May 30, 2020 · 7 comments

Comments

zxc7528064 commented May 30, 2020

Affected software: Cmsuno CMS

Type of vulnerability: CSRF (Cross-Site Request Forgery)

Discovered by: Noth

Author: Noth

Version: v1.6

Description: Cmsuno CMS is vulnerable to persistent Cross-Site Request Forgery attacks, which allow malicious users to inject HTML or scripts and forge user permissions to operate.

Vulnerable URL:
http://127.0.0.1/cmsuno-master/uno.php

Step 1: go to uno.php

Step 2: use Burp Suite to intercept packets

Step 3: generate the PoC
[screenshot: 2020-05-31_053816]

Test Video :
https://drive.google.com/file/d/1ueOxpMRr632gxjDyn-7t8nWlm13iQXgH/view?usp=sharing

No CSRF token, so it is possible to log in to the system.
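Added example, not code from the Cmsuno project or from this report: a PHP login handler in the token-less shape the report describes, next to the same handler protected by a per-session synchronizer token, the kind of fix the maintainer says was applied. The form field names (user, pass, csrf_token), the credential check and the stored hash are assumptions made for illustration.

```php
<?php
// Added example (not Cmsuno's own uno.php): a login handler with no CSRF
// token, beside the same handler protected by a per-session synchronizer
// token. Field names (user, pass, csrf_token) and the credential check are
// assumptions for illustration.
declare(strict_types=1);

// Defence in depth (PHP >= 7.3): a SameSite=Lax session cookie is not attached
// to cross-site POSTs, so a forged form cannot ride an existing session.
// It does not stop login CSRF by itself, which is why the token is still needed.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Constructed fixture standing in for the CMS's stored admin credential.
$ADMIN_HASH = password_hash('example-password', PASSWORD_DEFAULT);

/** Return this session's CSRF token, minting it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 256 bits from the CSPRNG, stored server-side only, so an attacker's
        // page can neither read nor predict it.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of the submitted token with the session copy. */
function csrf_verify(?string $submitted): bool
{
    if ($submitted === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

function check_credentials(string $user, string $pass, string $hash): bool
{
    return $user === 'admin' && password_verify($pass, $hash);
}

// Vulnerable shape (what the report describes for v1.6): any POST carrying the
// right field names is accepted, so a hidden form on an attacker's page that
// auto-submits to this URL is indistinguishable from the real login form.
function login_without_token(array $post, string $hash): bool
{
    return check_credentials($post['user'] ?? '', $post['pass'] ?? '', $hash);
}

// Hardened shape: refuse the request before touching credentials unless the
// form carries the token bound to this browser's session. The attacker's page
// cannot obtain that value, so the forged POST stops here.
function login_with_token(array $post, string $hash): bool
{
    if (!csrf_verify($post['csrf_token'] ?? null)) {
        http_response_code(403);
        return false;
    }
    // Single use: rotate the token so a value captured once cannot be replayed.
    unset($_SESSION['csrf_token']);
    $ok = check_credentials($post['user'] ?? '', $post['pass'] ?? '', $hash);
    if ($ok) {
        // Fresh session id on privilege change; also closes session fixation.
        session_regenerate_id(true);
        $_SESSION['user'] = 'admin';
    }
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    echo login_with_token($_POST, $ADMIN_HASH) ? 'logged in' : 'rejected';
} else {
    // The token rides in a hidden field; escape it like any other output.
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="">'
       . '<input type="hidden" name="csrf_token" value="' . $token . '">'
       . '<input name="user"> <input type="password" name="pass">'
       . '<button type="submit">Login</button></form>';
}
```

Serve it with `php -S 127.0.0.1:8080 csrf_demo.php` (filename assumed). The auto-submitting form that Burp's CSRF PoC generator produces for the intercepted login request, the step shown in the report, carries no `csrf_token` field and so gets a 403 from `login_with_token`, while the same request submitted from the real form succeeds once and is rejected on replay because the token is rotated after use.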

@boiteasite (Owner)

Thanks, I will add a token.
Regards

@zxc7528064 (Author)

@boiteasite Thank you for your attention to the security problem!

@zxc7528064 (Author)

@boiteasite Can I use this security issue to apply for a CVE number?

@boiteasite (Owner)

No problem.

@zxc7528064 zxc7528064 changed the title CSRF Vulnerability CSRF Vulnerability v1.6 Jun 2, 2020
@karneaud

has this been patched?

@boiteasite (Owner)

Yes, patched. Version 1.6.1.

Regards

fgeek commented Aug 4, 2021

CVE-2020-15600 has been assigned for this issue.
