=========================================================
Vulnerable Software: Seditio Chat Plugin (Chat İndex Plugin) v 1.0
http://www.seditio-eklenti.com/page.php?id=418
http://www.seditio-eklenti.com/chat-plugin-index-d418.html
Downloaded: http://www.seditio-eklenti.com/datas/users/1-chat.rar
(MD5 SUM: d1565b438199984661cf2147572724a6 *1-chat.rar)
=========================================================
Tested: With Seditio v165
*php.ini MAGIC_QUOTES_GPC OFF*
Safe mode off

/*
OS: Windows XP SP2 (32 bit)
Apache: 2.2.21.0
PHP Version: 5.2.17.17
mysql> select version()
    -> ;
+-----------+
| version() |
+-----------+
| 5.5.21    |
+-----------+
*/
=========================================================
About Software:
Seditio Chat Plugin (Chat İndex Plugin) v 1.0 is a popular plugin for Seditio CMS.
It gives users, administrators and moderators the ability to chat.
=========================================================
Vuln Desc:
This plugin is prone to a CROSS SITE REQUEST FORGERY vulnerability.
It uses $_GET without any proper check of request validity when deleting entries from chat:
the delete action is performed on a plain GET request, with no token or other proof that the
logged-in user intended it.
It can be used by malicious people to delete chat entries by making a logged-in user with
delete rights load a crafted URL (for example from an image tag on an attacker-controlled page).
================ Seditio chat plugin Delete chat entries CSRF exploit =================
' .PHP_EOL; } die($body . '

' . $sithere . '

'); /* EOF */ ?>
==============================EOF================================
/AkaStep ^_^
+++++++Greetz to all+++++++++++
packetstormsecurity.*, securityfocus.com, cxsecurity.com, security.nnov.ru, securityvulns.com and to all others!
Thank you.
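The vulnerable pattern the Vuln Desc section describes (a chat-entry delete driven by $_GET with no check of request validity) shown beside a hardened handler, as an added illustration that is not the plugin's code and not AkaStep's exploit above. The request shape (GET chat.php?del=<id>), the `chat` table, the PDO handle and every function name are assumptions for illustration; the real plugin's parameter names are not given on this page. The hardened half uses random_bytes() and hash_equals(), which need PHP 7+, not the PHP 5.2 build the advisory was tested on.

```php
<?php
// Added example, not the plugin's or the exploit's code. The request shape
// (GET chat.php?del=<id>), the `chat` table and all function names are
// assumptions for illustration. Needs PHP 7+ with PDO SQLite for the demo.
declare(strict_types=1);

// --- Vulnerable pattern described in the advisory -------------------------
// A state change driven by $_GET with no proof that the logged-in user meant
// it. Any attacker page can trigger it in the victim's browser, e.g.
//   <img src="http://target/chat.php?del=42">
// because the browser attaches the victim's session cookie automatically.
function deleteChatEntryVulnerable(PDO $db, array $get): int
{
    if (!isset($get['del'])) {
        return 0;
    }
    $stmt = $db->prepare('DELETE FROM chat WHERE id = :id');
    $stmt->execute([':id' => (int) $get['del']]);
    return $stmt->rowCount();
}

// --- Hardened pattern ------------------------------------------------------
// Per-session secret token, created once and embedded in every state-changing form.
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// The delete form the chat page would render: POST plus the hidden token.
function deleteFormHtml(int $id, array &$session): string
{
    $tok = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="chat.php">'
         . '<input type="hidden" name="del" value="' . $id . '">'
         . '<input type="hidden" name="csrf_token" value="' . $tok . '">'
         . '<button type="submit">Delete</button></form>';
}

// Constant-time comparison of the submitted token against the session's.
function csrfTokenValid(array $post, array $session): bool
{
    return isset($post['csrf_token'], $session['csrf_token'])
        && is_string($post['csrf_token'])
        && hash_equals($session['csrf_token'], $post['csrf_token']);
}

// Deletes only over POST, only with a valid token, only for an authorised user.
function deleteChatEntryHardened(PDO $db, string $method, array $post, array $session, bool $userMayDelete): int
{
    if ($method !== 'POST' || !$userMayDelete || !csrfTokenValid($post, $session)) {
        return 0;   // a real handler would also send HTTP 403 here
    }
    $id = filter_var($post['del'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 0;
    }
    $stmt = $db->prepare('DELETE FROM chat WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

// --- Offline demo with constructed data -------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE chat (id INTEGER PRIMARY KEY, msg TEXT)');
$db->exec("INSERT INTO chat VALUES (1, 'hello'), (2, 'world')");
$session = [];                       // stands in for $_SESSION

// Forged cross-site requests: a plain GET, then a POST without the token.
printf("vulnerable handler, forged GET: %d row(s) deleted\n",
    deleteChatEntryVulnerable($db, ['del' => '1']));
printf("hardened handler, forged GET: %d row(s) deleted\n",
    deleteChatEntryHardened($db, 'GET', ['del' => '2'], $session, true));
printf("hardened handler, forged POST without token: %d row(s) deleted\n",
    deleteChatEntryHardened($db, 'POST', ['del' => '2'], $session, true));

// Legitimate request: the rendered form carries the session's token.
deleteFormHtml(2, $session);         // renders the form, seeding the token
$post = ['del' => '2', 'csrf_token' => $session['csrf_token']];
printf("hardened handler, genuine POST with token: %d row(s) deleted\n",
    deleteChatEntryHardened($db, 'POST', $post, $session, true));
```

The token check deliberately does not rely on the Referer header, which proxies and privacy extensions strip; a per-session secret that the attacker's page cannot read is the check that holds. Moving the action to POST alone is not enough, since an attacker page can auto-submit a cross-site form; the token is what makes the forged POST fail. On current browsers a SameSite=Lax or Strict session cookie adds a second layer, but was not available in the era of the tested stack.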