CSRF Vulnerability Discovered

[shellsniper]

Description:
CSRF (Cross-site request forgery) Vulnerability discovered in Gleez CMS v1.2.0 when I penetrate testing a couple of vulnerabilities in Demo website: https://demo.gleezcms.org.

POC:

1. Log in as a user or admin

2. Add new page or blog
   

3. Intercept POST request when a normal user or admin submitting a new page or blog,
   

4. Launch a CSRF attack
   

Exec code:

Snippet is here:
https://github.com/levoncf/Path_of_CVE/blob/master/CSRF_POC.html

5. Proof of Attack Successed!
   

[shellsniper]

For POC, you need to gain user cookie/session by yourself, then to generate the payload

[sandeepone]

#794 #796