Plume CMS - change Admin Password via Cross-site Request Forgery

2010.06.17
Credit: david kurz
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

[MajorSecurity SA-070]Plume CMS - change Admin Password via Cross-site Request Forgery Details ======= Product: Plume CMS Security-Risk: high Remote-Exploit: yes Vendor-URL: http://www.plume-cms.net/ Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.info/penetrationstest.php Affected Products: ---------------------------- Plume CMS 1.2.4 Prior versions may also be vulnerable Introduction ============ "Plume CMS is web based content management system." More Details ============ We at MajorSecurity have discovered a vulnerability in Plume CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to change the administrator's password by tricking a logged in administrator into visiting a malicious web site. Solution ================ The web application should implement some validity checks to verify the requests before performing certain actions via HTTP requests. Workaround ================ Do not browse untrusted sites or follow untrusted links while being logged-in to the application. MajorSecurity ================ MajorSecurity is a German penetrationtesting and security research company which focuses on web application security. We offer professional penetrationstest, security audits, source code reviews.

References:

http://xforce.iss.net/xforce/xfdb/59308
http://www.vupen.com/english/advisories/2010/1430
http://www.securityfocus.com/archive/1/archive/1/511761/100/0/threaded
http://secunia.com/advisories/40133


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top