GetSimple CMS Multi User 1.8.2 Cross Site Request Forgery ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on August 13th, 2020 📆 | 8104 Views ⚑

0

GetSimple CMS Multi User 1.8.2 Cross Site Request Forgery ≈ Packet Storm

# Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 – Cross-Site Request Forgery (Delete Admin/User)
# Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)
# Date: August 12, 2020
# Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/
# Software Link: http://get-simple.info/extend/export/960/133/multi-user.zip
# Version: 1.8.2
# Tested On: Windows 10 Pro + XAMPP
# CWE-352: Cross-Site Request Forgery (CSRF)
# Vulnerability Description:
# Cross-Site Request Forgery (CSRF) vulnerability in Multi User v1.8.2 plugin for GetSimple CMS allows remote attackers to delete admin/user users via authenticated admin visiting a third-party site or clicking a URL.

## Usage:
+ Change to target IP address or domain name
+ Change to target username to delete

## CSRF GET URL Method
/admin/load.php?id=user-managment&deletefile=

## CSRF POST Form Method



”/>


# Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 – Cross-Site Request Forgery (Add Admin)
# Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)
# Date: August 12, 2020
# Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/
# Software Link: http://get-simple.info/extend/export/960/133/multi-user.zip
# Version: 1.8.2
# Tested On: Windows 10 Pro + XAMPP
# CWE-352: Cross-Site Request Forgery (CSRF)
# Vulnerability Description:
# Cross-Site Request Forgery (CSRF) vulnerability in Multi User v1.8.2 plugin for GetSimple CMS allows remote attackers to add an Admin user via authenticated admin visiting a third-party site.

## Usage:
+ Change to target IP address or domain name
+ Change to target username
+ Change to target password

## CSRF POST Form Method



”/>






Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...