GetSimple CMS Plugin Multi User 1.8.2 Cross-Site Request Forgery (Add Admin) Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2020-08-13 | Type: webapps | Platform: php
This exploit / vulnerability, GetSimple CMS Plugin Multi User 1.8.2 Cross-Site Request Forgery (Add Admin), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery (Add Admin)
# Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)
# Date: August 2020-08-12
# Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/
# Software Link: http://get-simple.info/extend/export/960/133/multi-user.zip
# Version: 1.8.2
# Tested On: Windows 10 Pro + XAMPP
# CWE-352: Cross-Site Request Forgery (CSRF)
# Vulnerability Description:
# Cross-Site Request Forgery (CSRF) vulnerability in Multi User v1.8.2 plugin for GetSimple CMS allows remote attackers to add an Admin user via an authenticated admin visiting a third-party site.
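The flaw class described above (CWE-352) is closed by making every state-changing admin request prove it came from the admin's own form. The following is an added example, not code from the Multi User plugin, GetSimple CMS or the exploit authors; the field name `csrf_token`, the function names and the `add_user_from_request()` placeholder are hypothetical, and PHP 7.3 or later is assumed for the `samesite` cookie option.

```php
<?php
// Added example (hypothetical names; not the Multi User plugin's code).
// Synchronizer-token check for a state-changing admin form such as "add user".

// SameSite keeps the session cookie off cross-site POSTs in modern browsers;
// the token check below still applies when the browser ignores SameSite.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// Issue one random token per session; it is embedded in every admin form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accept the request only if it is a POST carrying this session's token.
function csrf_request_is_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;                       // never change state on GET
    }
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);   // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_request_is_valid('POST', $_POST, $_SESSION)) {
        http_response_code(403);            // a forged cross-site form ends here
        exit('Invalid or missing CSRF token');
    }
    // add_user_from_request($_POST);       // hypothetical: user creation goes here
    exit('User created');
}
?>
<form method="post">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input name="username">
  <input name="password" type="password">
  <button>Add user</button>
</form>
```

A page on a third-party site can still submit the form fields, but it cannot read the per-session token, so the request is rejected with a 403 before any account is created.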
## Usage:
+ Change <IP||DOMAIN> to target IP address or domain name
+ Change <ADMIN> to target username
+ Change <PASSWORD> to target password