Jump to content
Aerosol

Chamilo LCMS Connect 4.1 Clickjacking

By Aerosol, in Exploituri

Recommended Posts

Aerosol Newbie

Aerosol

Posted
Posted 

Hi Team,

#Affected Vendor: http://lcms.chamilo.org/
#Date: 27/03/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Clickjacking
#Tested on: Windows 7
#Product: LCMS Connect
#Version: 4.1
#Description: Chamilo is an open-source (under GNU/GPL licensing)
e-learning and content management system, aimed at improving access to
education and knowledge globally. Chamilo LCMS is a completely new software
platform for e-learning and collaboration. Framing involves placing one
webpage within another webpage by use of the iframe HTML element. One
familiar use of iframes is to embed maps within web pages. LCMS connect is
susceptible to clickjacking attack.

#Proof of Concept (PoC):
------------------------------------
<iframe src="http://localhost/Chamilo/" sanboxed width=900 height=900>
Please check me out !!!!
</iframe>

-- 
Regards,

*Joel V*

Source

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...