SyndeoCMS <= 3.0 CSRF "0day" Vulnerability

Posted on domenica 19 febbraio 2012 by Ivano Binetti

Today I've found a new "0day" vulnerability into Syndeocms 3.0 - and lower version - and I've created an exploit in order to automatically add an administrator account when the real administrator browses an "ad hoc" created web page containing a simple html/javascript code.

For more details:

http://www.exploit-db.com/author/?a=3557
http://packetstormsecurity.org/files/author/9536/

Some web sites which published my "0day" vulnerability:

http://1337day.com/exploits/17544
http://exploitsdownload.com/exploit/php/syndeocms-30-csrf-vulnerabili
http://www.allinfosec.com/2012/02/19/webapps-0day-syndeocms-3-0-csrf-vulnerability/
http://www.silobreaker.com/webapps--syndeocms-lt-30-csrf-vulnerability-5_2265494154572201984
http://eternal-todo.com/aggregator/categories/1
http://www.morningstarsecurity.com/news
http://unsecure-os.org/index.php/exploits
http://securit.se/it-sakerhetsnyheter/
http://cxsecurity.com/
http://www.bugsearch.net/

0 Responses to "SyndeoCMS <= 3.0 CSRF "0day" Vulnerability":