JForum Cross Site Request Forgery

2013-12-26T00:00:00
ID PACKETSTORM:124598
Type packetstorm
Reporter Arno Chen
Modified 2013-12-26T00:00:00

Description

                                        
                                            `Version : All  
  
Vulnerability : Cross-site request forgery  
  
Problem type : remote  
  
CVE ID : CVE-2013-7209  
  
  
  
Jforum Admin module, modify user permissions module exists crsf Vulnerability,use the following code into jforum forum posts, as long as this administrators is opened this post, the permissions of user with id 12696 will be Escalated to the group with id 2 permissions,default group with id 2 is administrator group.  
  
Code:  
  
<img src=http://www.target.com/forum/admBase/login.page?action=groupsSave&module=adminUsers&user_id=12696&groups=2 width=0 />  
  
  
  
Code Description:  
  
http://www.target.com/forum/ jforum forum address,  
  
12696 for the user id  
  
2 group id  
  
width=0 is used to hide pic   
  
It was discovered by arno @dbappsecurity.com.cn  
`