Sunday, December 13, 2015
[FD] OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability
================================================================
OcPortal CMS 9.0.21 – Cross-site Request Forgery (CSRF) Vulnerability
================================================================

Information
**********************
Vulnerability Type : Cross-site Request Forgery (CSRF) Vulnerability
Vulnerable Version : 9.0.21
Severity: High
Author – Arjun Basnet
CVE-ID: N/A
Homepage: http://ift.tt/1O2TIvj

Description
***********************
OcPortal CMS is prone to a CSRF vulnerability that bypasses the referrer checks used to validate forms posted to the system. It allows an attacker to trick administrators into submitting coded forms (i.e. coded actions) into the system, which means an attacker can add an admin user and thus gain code execution.

Proof of Concept
***************************
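On the defensive side, the weakness in the Description (state-changing forms accepted on the strength of a referrer check) is normally closed by requiring a per-session anti-CSRF token on every such form. The sketch below is an added example, not part of the original advisory and not ocPortal code; the site origin, function names, session identifiers and sample requests are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

SITE_ORIGIN = "https://cms.example"       # constructed site origin (assumption)
SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret, kept server-side
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def issue_token(session_id: str) -> str:
    """Token bound to one session; embedded as a hidden field in each form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def allow_request(method: str, headers: dict, form: dict, session_id: str) -> bool:
    """Decide whether a request may change state.

    The Referer header is never consulted. A mismatching Origin is rejected
    as defence in depth, but only the session-bound token grants access.
    """
    if method.upper() in SAFE_METHODS:
        return True
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False
    supplied = form.get("csrf_token", "")
    expected = issue_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())

def demo() -> dict:
    """Run constructed 'add user' POSTs against the check for an admin session."""
    admin = "session-admin-1"                       # constructed session id
    site_ref = {"Referer": SITE_ORIGIN + "/admin/"}  # constructed header value
    new_user = {"username": "newadmin", "group": "admin"}
    cases = {
        "own form, valid token": (site_ref, {**new_user, "csrf_token": issue_token(admin)}),
        "site Referer, no token": (site_ref, new_user),
        "no Referer, no token": ({}, new_user),
        "token of another session": (site_ref, {**new_user, "csrf_token": issue_token("session-other-2")}),
        "foreign Origin, valid token": ({"Origin": "https://other.example"},
                                        {**new_user, "csrf_token": issue_token(admin)}),
    }
    return {name: allow_request("POST", h, f, admin) for name, (h, f) in cases.items()}

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:30s} -> {'accepted' if allowed else 'rejected'}")
```

Only the first constructed request is accepted; the outcome for the others does not depend on what the Referer header says.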