1 [−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−]
2 [ Title: Chipmunk Board Script 1.x Multiple XSRF Vulnerabilities ]
3 [ Author: Milos Zivanovic ]
4 [ Email: milosz.security[at]gmail.com<http://gmail.com> ]
5 [ Date: 11. December 2009. ]
6 [−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−]
7
8 [−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−]
9 [ Application: Chipmunk Board Script ]
10 [ Version: 1.X ]
11 [ Download: http://www.chipmunk−scripts.com/chipmunkcms/chipmunkcms.zip ]
12 [ Vulnerability: Cross Site Request Forgery ]
13 [−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−]
14
15 I installed this board script locally and started looking, it didn’t take much to notice first
16 vulnerability. I found many vulnerabilities that could be exploited via cross site request forgery
17 method, but i’m only going to show you more important ones.
18
19 This board script doesn’t have any XSRF protection thus allowing us to do many things we shouldn’t
20 :)
21
22 [#]Content
23 |−−Change user settings (usercp)
24 |−−Change user settings (admincp)
25 |−−Delete category
26 |−−Delete forum
27 |−−Delete read private messages
28
29 Every exploit that has
30
31 [*]Change user settings (usercp)
32
33 This exploit will change this info for every user that opens it and is logged in.
34
35 [EXPLOIT−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−