Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSRF Vulnerability Discovered #795

Closed
shellsniper opened this issue Jul 5, 2018 · 2 comments
Closed

CSRF Vulnerability Discovered #795

shellsniper opened this issue Jul 5, 2018 · 2 comments

Comments

@shellsniper
Copy link

shellsniper commented Jul 5, 2018
edited

Description:
CSRF (Cross-site request forgery) Vulnerability discovered in Gleez CMS v1.2.0 when I penetrate testing a couple of vulnerabilities in Demo website: https://demo.gleezcms.org.

POC:

  1. Log in as a user or admin

  2. Add new page or blog
    image

  3. Intercept POST request when a normal user or admin submitting a new page or blog,
    image

  4. Launch a CSRF attack
    image

Exec code:
image

Snippet is here:
https://github.com/levoncf/Path_of_CVE/blob/master/CSRF_POC.html

  1. Proof of Attack Successed!
    image

image
@shellsniper
Copy link
Author

For POC, you need to gain user cookie/session by yourself, then to generate the payload

@sandeepone
Copy link
Member

#794 #796

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sandeepone @shellsniper