TUCoPS :: Web :: CMS / Portals :: bx1343.htm

Joomla 1.0.13 CSRF
Joomla 1.0.13 CSRF
Joomla 1.0.13 CSRF


Author: Jose Carlos Nieto.

Date: Jan 08, 2008

Severity: Mild

There exists a Cross Site Scripting security hole in Joomla 1.0.13.


Background
=========
*Joomla!* is a free , open source  content management system  for publishing content 
on the world wide web  and intranets . 
Joomla! is licensed under the GPL , and is the result of a fork  of Mambo . 


Severity
=======Mild. It requires an administrator to be logged in and to be tricked into a specially
crafted webpage.


Summary
======Joomla! has no CSRF protection. A malicious user can trick an administrator into viewing
a specially crafted webpage containing an exploit, this exploit can execute (without permission)
any command the administrator would normally execute, such as publish a content or even add a new
administrator.


Solution
=======This problem has no solution at this time.


Disclosure timeline
==================Oct 18 2007 - Vulnerability found.
Oct 18 2007 - Vulnerability reported to vendor.
Oct 18 2007 - Answer from vendor.
Jan 08 2008 - Advisory released.


Proof of Concept
===============
If a logged in administrator visits this page a new administrator will be added to the victim's
Joomla powered website.

---- exploit code ----







src="http://www.more4kids.info/uploads/Image/Carebears-Cover.jpg"> 

---- exploit code ----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH