← Advisories

Windu CMS 2.2 CSRF Add Admin Exploit

Medium
Advisory ID
ZSL-2013-5149
Release Date
24 July 2013
Vendor
Adam Czajkowski - http://www.windu.org
Affected Version
2.2 rev 1430
CVE
N/A
Tested On
Microsoft Windows 7 Ultimate SP1 (EN), Apache 2.4.2 (Win32), PHP 5.4.7, MySQL 5.5.25a
Summary

Windu CMS is a simple, lightweight and fun-to-use website content management software.

Description

Windu CMS suffers from a cross-site request forgery vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Proof of Concept
winducms_csrf.htmlTXT
Disclosure Timeline
21.07.2013Vulnerabilities discovered.
23.07.2013Contact with the vendor.
24.07.2013No reply from the vendor.
24.07.2013Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.securityfocus.com/bid/61429
[2]http://cxsecurity.com/issue/WLB-2013070187
[3]http://packetstormsecurity.com/files/122539
[4]http://secunia.com/advisories/54237/
[5]http://www.securelist.com/en/advisories/54237
[6]http://www.osvdb.org/show/osvdb/95636
[7]http://www.exploit-db.com/exploits/27128/
Changelog
24.07.2013Initial release
25.07.2013Added reference [2], [3], [4] and [5]
27.07.2013Added reference [6]
28.07.2013Added reference [7]