Lucene search
+L

WebsiteBaker 2.8.1 Cross Site Request Forgery

🗓️ 13 Aug 2011 00:00:00Reported by Aung KhantType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 21 Views

WebsiteBaker 2.8.1 CSRF vulnerability in admin functio

Code
`1. OVERVIEW  
  
WebsiteBaker 2.8.1 and lower versions are vulnerable to Cross Site Request  
Forgery (CSRF).  
  
  
2. BACKGROUND  
  
WebsiteBaker is a PHP-based Content Management System (CMS) designed with  
one goal in mind: to enable its users to produce websites with ease.  
  
  
3. VULNERABILITY DESCRIPTION  
  
WebsiteBaker 2.8.1 and lower versions contain a flaw that allows a remote  
Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the  
application does not require multiple steps or explicit confirmation for  
sensitive transactions for majority of administrator functions such as  
adding new user. By using a crafted URL, an attacker may trick the victim  
into visiting to his web page to take advantage of the trust relationship  
between the authenticated victim and the application. Such an attack could  
trick the victim into executing arbitrary commands in the context of their  
session with the application, without further prompting or verification.  
  
  
4. VERSIONS AFFECTED  
  
2.8.1 <=  
  
  
5. PROOF-OF-CONCEPT/EXPLOIT  
  
The following request adds an administrator.  
  
[REQUEST]  
POST /admin/users/add.php HTTP/1.1  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 193  
  
user_id=&username_fieldname=username_abcdefg&username_abcdefg=test&password=test&password2=test&display_name=test&email=tester%  
40yehg.net&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=Add  
[/REQUEST]  
  
  
6. SOLUTION  
  
Upgrade to 2.8.2 or higher  
  
  
7. VENDOR  
  
WebsiteBaker Org e. V.  
http://www.websitebaker2.org/  
  
  
8. CREDIT  
  
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN  
Ethical Hacker Group, Myanmar.  
  
  
9. DISCLOSURE TIME-LINE  
  
2011-01-26: notified vendor  
2011-08-01: vendor released fix  
2011-08-13: vulnerability disclosed  
  
  
10. REFERENCES  
  
Original Advisory URL:  
http://yehg.net/lab/pr0js/advisories/[websitebaker-2.8.1]_cross_site_request_forgery  
  
  
#yehg [2011-08-13]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

13 Aug 2011 00:00Current
0.3Low risk
Vulners AI Score0.3
21