GeniXCMS v0.0.1 CSRF Add Admin Exploit

Medium
Advisory ID: ZSL-2015-5234
Release Date: 10 March 2015
Vendor:
Affected Version: 0.0.1
Tested On: nginx/1.4.6 (Ubuntu), Apache 2.4.10 (Win32), PHP 5.6.3, MySQL 5.6.21
Summary

GeniXCMS is a PHP-based Content Management System and Framework (CMSF). It is a simple and lightweight CMSF, well suited to intermediate through advanced PHP developers. Some manual configuration is needed to make the application work.

Description

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
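
The missing validity check, sketched as an added example (not GeniXCMS code and not the vendor's patch): a per-session token that every state-changing request must carry. The function names and the `csrf_token` field name are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; 'csrf_token' is an assumed form field name.
// The token is meant to be embedded as a hidden field in every admin form.

/** Return the session's token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Accept a request only if it is a POST carrying the session's token.
 * A cross-site form can make the browser send the session cookie,
 * but it cannot read the token stored in the victim's session.
 */
function csrf_request_is_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;                          // never change state on GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;                          // no token issued, or array-typed input
    }
    return hash_equals($expected, $supplied);  // constant-time comparison
}

// Constructed demo: one session, three simulated requests to an admin action.
$session = [];
$token   = csrf_token($session);

$cases = [
    'same-site form with token' => ['POST', ['user' => 'new', 'csrf_token' => $token]],
    'cross-site form, no token' => ['POST', ['user' => 'new']],
    'cross-site GET'            => ['GET',  []],
];
foreach ($cases as $label => [$method, $post]) {
    $ok = csrf_request_is_valid($method, $post, $session);
    printf("%-28s %s\n", $label, $ok ? 'accepted' : 'rejected (403)');
}
```

In a real handler, pass `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION`, and run the check before any privileged action executes.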

Proof of Concept
Disclosure Timeline
05.03.2015: Vulnerability discovered.
05.03.2015: Vendor contacted.
06.03.2015: Vendor responds asking more details.
06.03.2015: Sent details to the vendor.
07.03.2015: Vendor promises fix soon.
10.03.2015: Vendor releases patched version.
10.03.2015: Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
10.03.2015: Initial release
11.03.2015: Added reference [4], [5] and [6]
13.03.2015: Added reference [7]
24.03.2015: Added reference [8] and [9]