Zero Science Lab » Windu CMS 2.2 CSRF Add Admin Exploit

Windu CMS 2.2 CSRF Add Admin Exploit

Title: Windu CMS 2.2 CSRF Add Admin Exploit
Advisory ID: ZSL-2013-5149
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 24.07.2013

Summary

Windu CMS is a simple, lightweight and fun-to-use website content management software.

Description

Windu CMS suffers from a cross-site request forgery vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Vendor

Adam Czajkowski - http://www.windu.org

Affected Version

2.2 rev 1430

Tested On

Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.7
MySQL 5.5.25a

Vendor Status

[21.07.2013] Vulnerabilities discovered.
[23.07.2013] Contact with the vendor.
[24.07.2013] No reply from the vendor.
[24.07.2013] Public security advisory released.

PoC

winducms_csrf.html

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] http://www.securityfocus.com/bid/61429
[2] http://cxsecurity.com/issue/WLB-2013070187
[3] http://packetstormsecurity.com/files/122539
[4] http://secunia.com/advisories/54237/
[5] http://www.securelist.com/en/advisories/54237
[6] http://www.osvdb.org/show/osvdb/95636
[7] http://www.exploit-db.com/exploits/27128/

Changelog

[24.07.2013] - Initial release
[25.07.2013] - Added reference [2], [3], [4] and [5]
[27.07.2013] - Added reference [6]
[28.07.2013] - Added reference [7]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk