-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF Vulnerability Discovered #795
Comments
For POC, you need to gain user cookie/session by yourself, then to generate the payload |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description:
CSRF (Cross-site request forgery) Vulnerability discovered in Gleez CMS v1.2.0 when I penetrate testing a couple of vulnerabilities in Demo website: https://demo.gleezcms.org.
POC:
Log in as a user or admin
Add new page or blog
![image](https://user-images.githubusercontent.com/16655396/42312020-d1f90760-8071-11e8-8b1d-8c7232278cd2.png)
Intercept POST request when a normal user or admin submitting a new page or blog,
![image](https://user-images.githubusercontent.com/16655396/42312105-0e4d16fc-8072-11e8-87df-cca5e3181f88.png)
Launch a CSRF attack
![image](https://user-images.githubusercontent.com/16655396/42312159-37b6783a-8072-11e8-8dda-23974b67c11e.png)
Exec code:
![image](https://user-images.githubusercontent.com/16655396/42312162-3b776eca-8072-11e8-99d2-6a7bb54ccf9c.png)
Snippet is here:
https://github.com/levoncf/Path_of_CVE/blob/master/CSRF_POC.html
The text was updated successfully, but these errors were encountered: