
Monday, August 22, 2016

[FD] Jaws CMS v1.1.1 - Privilege Escalate CSRF Vulnerability

Document Title:
===============
Jaws CMS v1.1.1 - Privilege Escalate CSRF Vulnerability

References (Source):
====================
http://ift.tt/2bbiLdI

Release Date:
=============
2016-08-22

Vulnerability Laboratory ID (VL-ID):
====================================
1923

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:
===============================
Jaws is a Framework and Content Management System for building dynamic web sites. It aims to be User Friendly giving ease of use and lots of ways to customize web sites, but at the same time is Developer Friendly, it offers a simple and powerful framework to hack your own modules.

(Copy of the Vendor Homepage: http://jaws-project.com )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory core research team discovered a client-side cross-site request forgery vulnerability in the Jaws v1.1.1 content management system.

Vulnerability Disclosure Timeline:
==================================
2016-08-22: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Jaws Project
Product: Jaws - Content Management System 1.1.1

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A cross-site request forgery vulnerability has been discovered in the official Jaws v1.1.1 content management system. The vulnerability allows an attacker to perform malicious client-side web-application requests to execute non-protected functions with own web context. In the absence of a security token, an attacker could execute arbitrary code in the administrator's browser to gain unauthorized access to the administrator privileges.

The vulnerability is located in the edituser.php file of the ./user/account.html module. The request method to execute is POST, and the attack vector is client-side, performed by the remote attacker.

Proof of Concept (PoC):
=======================
The cross-site request forgery web vulnerability can be exploited by a malicious web application without a privileged user account and without user interaction. For security demonstration or to reproduce the vulnerability, follow the provided information and steps below to continue.

PoC: CSRF Exploitation

Privilege Escalate CSRF Vulnerability
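
The missing security token described under Technical Details is addressed by checking a per-session token on every state-changing POST before the account change is applied. The following PHP is an added example, not code from the advisory or from Jaws; the function names, the `csrf_token` field and the sample session and form data are assumptions.

```php
<?php
// Added example: per-session synchronizer token for a state-changing POST.
// Function and field names are hypothetical, not taken from Jaws.
declare(strict_types=1);

// Create (once per session) and return the token to embed in the form.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept the request only if it is a POST carrying the session's token.
function csrf_request_is_valid(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Hypothetical account-update handler: the check runs before any change.
function handle_account_update(array $session, string $method, array $post): int
{
    if (!csrf_request_is_valid($session, $method, $post)) {
        return 403; // reject: forged or token-less request
    }
    // The profile change for the logged-in user would be applied here.
    return 200;
}

// Constructed sample data standing in for $_SESSION and $_POST.
$session = ['user' => 'admin'];
$token   = csrf_issue_token($session);
$legit   = ['email' => 'admin@example.test', 'csrf_token' => $token];
$forged  = ['email' => 'other@example.test']; // cross-site form carries no token
$stale   = ['email' => 'other@example.test', 'csrf_token' => str_repeat('0', 64)];

printf("legitimate form: %d\n", handle_account_update($session, 'POST', $legit));
printf("no token:        %d\n", handle_account_update($session, 'POST', $forged));
printf("wrong token:     %d\n", handle_account_update($session, 'POST', $stale));
```

Setting the session cookie's `SameSite` attribute complements the token check but does not replace it.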



Source: Gmail -> IFTTT-> Blogger
