GetSimple CMS Plugin Multi User 1.8.2 – Cross-Site Request Forgery (Add Admin) – Digitalmunition




Exploit/Advisories 1597398929_spider-orange.png

Published on August 14th, 2020 📆 | 7765 Views ⚑

0

GetSimple CMS Plugin Multi User 1.8.2 – Cross-Site Request Forgery (Add Admin)

# Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery (Add Admin)
# Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)
# Date: August 2020-08-12
# Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/
# Software Link: http://get-simple.info/extend/export/960/133/multi-user.zip
# Version: 1.8.2
# Tested On: Windows 10 Pro + XAMPP
# CWE-352: Cross-Site Request Forgery (CSRF)
# Vulnerability Description:
#   Cross-Site Request Forgery (CSRF) vulnerability in Multi User v1.8.2 plugin for GetSimple CMS allows remote attackers to add an Admin user via authenticated admin visiting a third-party site.

## Usage: 
+ Change  to target IP address or domain name
+ Change  to target username
+ Change  to target password

## CSRF POST Form Method

  

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...