[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Cross-Site Request Forgery (CSRF) in CMS Made Simple
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Cross-Site Request Forgery (CSRF) in CMS Made Simple
- From: advisory@xxxxxxxxxxxx
- Date: Wed, 7 Nov 2012 12:48:22 +0100 (CET)
Advisory ID: HTB23121
Product: CMS Made Simple
Vendor: cmsmadesimple.org
Vulnerable Version(s): 1.11.2 and probably prior
Tested Version: 1.11.2
Vendor Notification: October 17, 2012
Public Disclosure: November 7, 2012
Vulnerability Type: Cross-Site Request Forgery [CWE-352]
CVE Reference: CVE-2012-5450
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Solution Status: Fixed by Vendor
Risk Level: Low
Discovered and Provided: High-Tech Bridge Security Research Lab (
https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in CMS Made
Simple, which can be exploited to perform cross-site request forgery (CSRF)
attacks.
1. Сross-Site Request Forgery (CSRF) in CMS Made Simple: CVE-2012-5450
The application allows authorized administrator to perform certain actions via
HTTP requests without making proper validity checks to verify the source of the
requests. This can be exploited to delete arbitrary files and directories.
An attacker should make logged-in administrator open a malicious link in the
browser to exploit this vulnerability.
The following PoC (Proof of Concept) code will delete the root directory with
all files leading to complete destroy of the CMS:
http://[host]/lib/filemanager/imagemanager/images.php?deld=../../
<img src="http://[host]/lib/filemanager/imagemanager/images.php?deld=../../";
width=1 height=1>
Successful exploitation requires that user under which the web server is
running has write access to files or directories to delete.
-----------------------------------------------------------------------------------------------
Solution:
Upgrade to CMSMS 1.11.2.1
More Information:
http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23121 -
https://www.htbridge.com/advisory/HTB23121 - Сross-Site Request Forgery (CSRF)
in CMS Made Simple.
[2] CMS Made Simple - http://www.cmsmadesimple.org - CMS Made Simple, an open
source content management system, allows for faster and easier management of
website content. This CMS is scalable for small businesses to large
corporations.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ -
international in scope and free for public use, CVE® is a dictionary of
publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to
developers and security practitioners, CWE is a formal list of software
weakness types.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and
without any warranty of any kind. Details of this Advisory may be updated in
order to provide as accurate information as possible. The latest version of the
Advisory is available on web page [1] in the References.