Today I've discovered a new CSRF vulnerability which affects WebfolioCMS 1.1.4 (and lower) and which allows any parameter to be modified. In my Advisory I've demonstrated how to add a new administrator account and how to modify a published web page.
Download my Original Advisory
Some other publications related to this vulnerability:
http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/18536/
WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)
Posted on Tuesday, 28 February 2012
by Ivano Binetti