← Advisories

Subrion CMS 2.2.1 CSRF Add Admin Exploit

Medium
Advisory ID
ZSL-2012-5106
Release Date
11 September 2012
Vendor
Intelliants LLC - http://www.subrion.com
Affected Version
2.2.1
CVE
CVE-2012-4773
Tested On
Microsoft Windows 7 Ultimate SP1 (EN), Apache 2.4.2 (Win32), PHP 5.4.4, MySQL 5.5.25a
Summary

Subrion is a free open source content management system. It's written in PHP 5 and utilizes MySQL database. Subrion CMS can be easily integrated into your current website or used as a stand alone platform. It's extremely flexible and scalable php system that stands for a content management framework.

Description

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Proof of Concept
subrion_csrf.htmlTXT
Disclosure Timeline
05.09.2012Vulnerability discovered.
06.09.2012Contact with the vendor.
07.09.2012Vendor responds asking more details.
07.09.2012Sent detailed information to the vendor.
10.09.2012Vendor creates patch.
11.09.2012Vendor releases version 2.2.2 to address this issue.
11.09.2012Coordinated public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://packetstormsecurity.org/files/116433
[2]http://cxsecurity.com/issue/WLB-2012090113
[3]http://www.subrion.com/forums/announcements/893-subrion-open-source-cms-2-2-2-has-been-released.html
[4]http://www.exploit-db.com/exploits/21267/
[5]http://secunia.com/advisories/44917/
[6]http://xforce.iss.net/xforce/xfdb/78469
[7]http://www.securityfocus.com/bid/55502
[8]http://www.osvdb.org/show/osvdb/85999
[9]http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4773
Changelog
11.09.2012Initial release
12.09.2012Added reference [3] and [4]
13.09.2012Added reference [5]
14.09.2012Added reference [6] and [7]
11.11.2012Added reference [8] and [9]