GeniXCMS v0.0.1 CSRF Add Admin Exploit
Title: GeniXCMS v0.0.1 CSRF Add Admin Exploit
Advisory ID: ZSL-2015-5234
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 10.03.2015
Apache 2.4.10 (Win32)
PHP 5.6.3
MySQL 5.6.21
[05.03.2015] Vendor contacted.
[06.03.2015] Vendor responds asking more details.
[06.03.2015] Sent details to the vendor.
[07.03.2015] Vendor promises fix soon.
[10.03.2015] Vendor releases patched version.
[10.03.2015] Public security advisory released.
[2] https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815
[3] http://www.exploit-db.com/exploits/36321/
[4] http://osvdb.org/show/osvdb/119391
[5] http://cxsecurity.com/issue/WLB-2015030065
[6] http://packetstormsecurity.com/files/130772
[7] https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101499
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2680
[9] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2680
[11.03.2015] - Added reference [4], [5] and [6]
[13.03.2015] - Added reference [7]
[24.03.2015] - Added reference [8] and [9]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2015-5234
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 10.03.2015
Summary
GenixCMS is a PHP Based Content Management System and Framework (CMSF). It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP developer to Advanced Developer. Some manual configurations are needed to make this application to work.Description
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.Vendor
MetalGenix - http://www.genixcms.orgAffected Version
0.0.1Tested On
nginx/1.4.6 (Ubuntu)Apache 2.4.10 (Win32)
PHP 5.6.3
MySQL 5.6.21
Vendor Status
[05.03.2015] Vulnerability discovered.[05.03.2015] Vendor contacted.
[06.03.2015] Vendor responds asking more details.
[06.03.2015] Sent details to the vendor.
[07.03.2015] Vendor promises fix soon.
[10.03.2015] Vendor releases patched version.
[10.03.2015] Public security advisory released.
PoC
genixcms_csrf.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16[2] https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815
[3] http://www.exploit-db.com/exploits/36321/
[4] http://osvdb.org/show/osvdb/119391
[5] http://cxsecurity.com/issue/WLB-2015030065
[6] http://packetstormsecurity.com/files/130772
[7] https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101499
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2680
[9] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2680
Changelog
[10.03.2015] - Initial release[11.03.2015] - Added reference [4], [5] and [6]
[13.03.2015] - Added reference [7]
[24.03.2015] - Added reference [8] and [9]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk