Exploits / Vulnerability Discovered: 2018-08-02
Type: webapps
Platform: php
This exploit / vulnerability, Witycms 0.6.2 cross-site request forgery (password change), is for educational purposes only; if you use it, you do so at your own risk!
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account by modifying the user's data, such as email and password.
2. Exploit and Proof of Concept
To exploit this vulnerability, the victim needs to be logged in at the target site, namely victim.com, and visit a crafted site made by the attacker, namely attacker.com. An authenticated POST request is then generated from the victim's browser and submitted to victim.com, modifying the user's data to the attacker's desired values.
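The request pattern described above succeeds because the handler accepts any POST that carries a valid session cookie. The following added example (not wityCMS code and not the project's actual fix) shows a synchronizer-token check with an Origin comparison; the function names, the `csrf_token` field name and the sample requests are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not wityCMS code: synchronizer-token CSRF check for a
// state-changing POST handler. Function and field names are hypothetical.

// Create (once per session) the token the edit form must embed as a hidden field.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Return true only if a POST carries the session's token and, when the
// browser sent an Origin header, that header matches the site's own origin.
function csrf_request_allowed(array $session, array $post, array $server, string $siteOrigin): bool
{
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return true; // assumption: only POST changes state in this handler
    }
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $siteOrigin) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed sample requests (victim.com / attacker.com as named on this page).
$session = [];
$token   = csrf_issue_token($session);

// Cross-site POST: the session cookie rides along, but the token is unknown to attacker.com.
$crossSite = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://attacker.com'];
var_dump(csrf_request_allowed($session, ['email' => 'new@example.org'], $crossSite, 'https://victim.com'));

// Same-site POST from the real edit form, which embedded the token.
$sameSite = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://victim.com'];
var_dump(csrf_request_allowed($session, ['email' => 'new@example.org', 'csrf_token' => $token], $sameSite, 'https://victim.com'));
```

In a real handler, pass `$_SESSION`, `$_POST` and `$_SERVER` to the check and answer with HTTP 403 when it returns false.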