Showing posts from March 25, 2018

Cross Site Request Forgery- Frog CMS CVE ID : CVE-2018-8908

By Samrat Das

Hi Readers,

Recently, while performing some open source security assessment, I came across a CMS application, "Frog CMS". Curious to explore its functionalities, I set up a local copy and started playing around to find security vulnerabilities.

Title of the Vulnerability: Cross Site Request Forgery

Vulnerability Class: Code Execution / Privilege Escalation

Technical Details & Description: The application does not verify the source of incoming requests, so a malicious HTML request crafted by a third-party page is accepted and executed as if it came from the logged-in user. A request forged in this way can be used to create a privileged user.

CVE ID allocated: CVE-2018-8908

Product & Service Introduction: Frog CMS

Steps to Reproduce:

1. Visit the application.
2. Visit the Add Users page.
3. Craft an HTML page with all the details for an admin user creation and host it on a server.
4.