Zero Science Lab » ArticleFR 3.0.6 CSRF Add Admin Exploit

ArticleFR 3.0.6 CSRF Add Admin Exploit

Title: ArticleFR 3.0.6 CSRF Add Admin Exploit
Advisory ID: ZSL-2015-5248
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 13.07.2015

Summary

A lightweight fully featured content (article / video) management system. Comes with a pluginable and multiple module framework system.

Description

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Vendor

Free Reprintables - http://www.freereprintables.com

Affected Version

3.0.6

Tested On

nginx/1.6.2
PHP

Vendor Status

N/A

PoC

articlefr_csrf.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] http://cxsecurity.com/issue/WLB-2015070061
[2] https://packetstormsecurity.com/files/132684
[3] https://www.exploit-db.com/exploits/37596/
[4] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5530
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5530
[6] http://www.scip.ch/en/?vuldb.76729
[7] https://exchange.xforce.ibmcloud.com/vulnerabilities/104898

Changelog

[13.07.2015] - Initial release
[14.07.2015] - Added reference [1], [2] and [3]
[19.07.2015] - Added reference [4], [5] and [6]
[13.08.2015] - Added reference [7]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk