Advertisement






e107 v.2 alpha2 CSRF vulnerability

CVE Category Price Severity
CVE-2020-15915 CWE-352 Not disclosed High
Author Risk Exploitation Type Date
N/A High Remote 2014-12-29
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2014120192

Below is a copy:

Advisory: CSRF vulnerability in CMS e107 v.2 alpha2
Advisory ID: SROEADV-2014-04
Author: Steffen Rsemann
Affected Software: CMS e107 v.2 alpha2 (Release-Date: 08th-Jun-2014)
Vendor URL: http://e107.org
Vendor Status: solved
CVE-ID: -

==========================
Vulnerability Description:
==========================

The Content Management System e107 v.2 alpha2 allows an attacker to become
an administrative user (without rights) when tricking the admin into
executing a CSRF-vulnerable URL including the attackers user-id.

==================
Technical Details:
==================

The administrative backend of e107 v.2 alpha2 provides the functionality to
put a user instant in the administrators group by using the following url
when the administrator is already logged in:

http://{DOMAIN/HOSTNAME}/e107_admin/users.php?mode=main&action=admin&id={ID}

An attacker could try to abuse this in convincing the admin to execute a
link which contains the id of the attackers user-account or trick him to go
on a page the attacker controls where this URL is opened (e.g. in a hidden
iframe) while the admin is logged in.

The attacker knows his own id because it is shown on his user profile:

http://{DOMAIN/HOSTNAME}/user.php?id.{ID}

Although the attacker would not instant gain any rights it is a security
issue.

Combined with clickjacking and/or other social engineering attacks this
issue could be expanded to gain such elevated rights.

=========
Solution:
=========

Install the latest patch from the github repository (see below).


====================
Disclosure Timeline:
====================
22-Dec-2014 – found the vulnerability
22-Dec-2014 - informed the developers
26-Dec-2014 – release date of this security advisory [without technical details]
27-Dec-2014 – vendor responded and provided a patch
28-Dec-2014 – release date of this security advisory
28-Dec-2014 – post on Bugtraq / FullDisclosure

========
Credits:
========

Vulnerability found and advisory written by Steffen Rsemann.

===========
References:
===========

http://e107.org
https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080
http://sroesemann.blogspot.de

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum