MkPortal Urlobox Cross Site Request Forgery
Vendor: MkPortal
By: Demential
CVSS: 7.5 (HIGH)
CWE: 352
Product Name: MkPortal
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: a:mkportal:mkportal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

MkPortal Urlobox Cross Site Request Forgery

MkPortal is vulnerable to Cross Site Request Forgery (CSRF) attacks. An attacker can craft a malicious URL that, when loaded by an administrator's browser, deletes a message from the urlobox. The attack works by posting [img]?ind=urlobox&op=delete&idurlo=X[/img] in the MkPortal urlobox, where X is the ID of a message. When the administrator opens the urlobox page, the browser requests that URL as an image and the message with ID X is deleted.

Mitigation:

To mitigate this vulnerability, administrators should ensure that they are not logged in as an administrator when visiting untrusted websites.
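
Because the request fires from the urlobox page itself, the durable fix is in the delete handler: refuse GET for `op=delete` and require a per-session token. The following is an added example, not MkPortal's code; the function names, the `csrf_token` field and the session array layout are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Function names, the csrf_token field and the session
// layout are assumptions, not MkPortal code. In a deployment, $session
// would be $_SESSION and $post would be $_POST.

/** Return the per-session anti-CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Decide whether a urlobox delete request (op=delete) may proceed. */
function may_delete_message(string $method, array $post, array &$session): bool
{
    // An [img] tag can only make the browser issue a GET, so state
    // changes are accepted over POST only.
    if ($method !== 'POST') {
        return false;
    }
    // The token must come from the request body and match the session's copy.
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || $sent === '') {
        return false;
    }
    return hash_equals(csrf_token($session), $sent); // constant-time compare
}

// Constructed requests, checked against one administrator session.
$session = [];
$token = csrf_token($session);
$cases = [
    'image load from [img] tag (GET, no token)' => ['GET', []],
    'cross-site form post with guessed token'   => ['POST', ['csrf_token' => 'guess']],
    'admin form post carrying session token'    => ['POST', ['csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    $ok = may_delete_message($method, $post, $session);
    printf("%-45s %s\n", $label, $ok ? 'delete allowed' : 'rejected');
}
```

The delete form rendered for the administrator would carry the value of `csrf_token($session)` in a hidden field, so only requests originating from that form pass the check.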

Exploit-DB raw data:

MkPortal Urlobox Cross Site Request Forgery

Discovered by: Demential
Web: http://www.burnhead.it
E-mail: info@burnhead.it
Mkportal website: http://www.mkportal.it

posting [img]?ind=urlobox&op=delete&idurlo=X[/img] in MkPortal urlobox
where X is an ID of a message,
when administrator opens urlobox page message X will be erased.

# milw0rm.com [2006-12-21]