RedTeam Discovers CSRF in FrogCMS


RedTeam Discovers Cross Site Request Forgery vulnerability in Frog CMS

Jeremiah Talamantes, Principal Security Consultant and Security Researcher at RedTeam, has discovered a cross-site request forgery (CSRF) vulnerability in FrogCMS version 0.9.5. The vulnerability in the open source content management system stems from the absence of security controls that check for CSRF attempts. An attacker can execute a CSRF attack by enticing an authenticated user to visit a malicious website (via a phishing attack), causing the default header Snippet to be overwritten with arbitrary code.
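The missing control is a per-session token that a state-changing request must echo back. The following sketch is an added example, not Frog CMS code and not the researcher's proof of concept; the function names, the `csrf_token` field and the sample data are assumptions made for illustration.

```php
<?php
// Added example: synchronizer-token check on a state-changing handler.
// All function names are hypothetical; $session stands in for $_SESSION, $post for $_POST.
function csrf_issue(array &$session): string
{
    // One unpredictable token per session, kept server-side.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_verify(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject missing or non-string values, then compare in constant time.
    return is_string($expected) && $expected !== ''
        && is_string($supplied) && hash_equals($expected, $supplied);
}

function handle_snippet_save(array $session, string $method, array $post, array &$snippets): int
{
    if ($method !== 'POST') {
        return 405; // state changes are accepted over POST only
    }
    if (empty($session['user_id'])) {
        return 401; // not logged in
    }
    if (!csrf_verify($session, $post)) {
        return 403; // a session cookie alone is not proof of intent
    }
    $name = $post['name'] ?? null;
    $content = $post['content'] ?? null;
    if (!is_string($name) || !is_string($content)) {
        return 400;
    }
    $snippets[$name] = $content;
    return 200;
}

// Constructed sample data, not taken from Frog CMS.
$session  = ['user_id' => 1];
$snippets = ['header' => '<h1>Site</h1>'];
$token    = csrf_issue($session);
$form     = ['name' => 'header', 'content' => '<h1>New</h1>'];
// The site's own form carries the token; a cross-site post cannot read it.
echo handle_snippet_save($session, 'POST', $form + ['csrf_token' => $token], $snippets), "\n";
echo handle_snippet_save($session, 'POST', $form, $snippets), "\n";
```

The edit form has to render the value from `csrf_issue()` in a hidden field so that legitimate submissions include it.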

Jeremiah has developed proof of concept code for this vulnerability in PHP. This security vulnerability has been published by Packet Storm Security, among other online vulnerability databases.

Published Exploit
* Packet Storm Security







DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.

