Windu CMS 2.2 CSRF Add Admin Exploit

Title: Windu CMS 2.2 CSRF Add Admin Exploit
Advisory ID: ZSL-2013-5149
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 24.07.2013
Summary
Windu CMS is a simple, lightweight and fun-to-use website content management software.
Description
Windu CMS suffers from a cross-site request forgery vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Vendor
Adam Czajkowski - http://www.windu.org
Affected Version
2.2 rev 1430
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.7
MySQL 5.5.25a
Vendor Status
[21.07.2013] Vulnerabilities discovered.
[23.07.2013] Contact with the vendor.
[24.07.2013] No reply from the vendor.
[24.07.2013] Public security advisory released.
PoC
winducms_csrf.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.securityfocus.com/bid/61429
[2] http://cxsecurity.com/issue/WLB-2013070187
[3] http://packetstormsecurity.com/files/122539
[4] http://secunia.com/advisories/54237/
[5] http://www.securelist.com/en/advisories/54237
[6] http://www.osvdb.org/show/osvdb/95636
[7] http://www.exploit-db.com/exploits/27128/
Changelog
[24.07.2013] - Initial release
[25.07.2013] - Added reference [2], [3], [4] and [5]
[27.07.2013] - Added reference [6]
[28.07.2013] - Added reference [7]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk