+--------------------------------------------------------------------------------------------------------------------------------+ # Exploit Title : ContaoCMS (aka TYPOlight) <= 2.11 CSRF (Delete Admin- Delete Article) # Date : 25-02-2012 # Author : Ivano Binetti (http://ivanobinetti.com) # Software link : http://www.contao.org/en/download.html # Vendor site : http://www.contao.org # Version : 2.11.0 (latest) and lower # Tested on : Debian Squeeze (6.0) +--------------------------------------------------------------------------------------------------------------------------------+ +------------------------------------------[Multiple Vulnerabilities by Ivano Binetti]-------------------------------------------+ Summary 1)Introduction 2)Vulnerabilities Description 2.1 Delete Administrators or Users 2.2 Delete News 2.3 Delete Newsletter +--------------------------------------------------------------------------------------------------------------------------------+ 1)Introduction Contao (fka TYPOlight) is "an open source content management system (CMS) for people who want a professional internet presence that is easy to maintain". 2)Vulnerabilities Description Contao 2.11 (and lower) is affected by CSRF Vulnerability which allows an attacker to delete admins/users, delete web pages (articles, news, newsletter and so on). 2.1 Delete Administrators or Users

CSRF Exploit to delete ADMIN/USER account

Note that the is possible to delete any admin/user, also the first administrator (id=1) created during Contao's installation phase. 2.2 Delete News

CSRF Exploit to delete News

2.3 Delete Newsletter

CSRF Exploit to delete Newsletter