###################################################################################################################################
# Exploit Title: Apprain CMF / CSRF ADD/DELETE administrator's account
# Date: 29 August 2013
# Exploit Author: Yashar shahinzadeh
# Special thanks to Mormoroth
# Credit goes to: http://y-shahinzadeh.ir & ha.cker.ir
# Vendor Homepage: http://www.apprain.com/
# Tested on: Linux & Windows, PHP 5.2.9
# Affected Version : 3.0.2
#
# Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir , http://Twitter.com/Mormoroth , http://mormoroth.ir }
###################################################################################################################################

Summary:
========
1. CSRF - Delete an account
2. CSRF - Adding an administrator account

1. CSRF - Delete an account:
===========================
The account deletion function is not protected against CSRF: it is triggered by a plain GET request that carries nothing but the session cookie, which the browser attaches automatically. A logged-in administrator who loads an attacker-controlled page therefore deletes the targeted account without any interaction. The following exploit conducts the attack; [ID] must be replaced with the ID of the account to delete (e.g. 2).

2. CSRF - Adding an administrator account:
=========================================
/** Yashar shahinzadeh **/
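As an added illustration of both findings above (this is example code, not Apprain's code and not part of the original advisory), the block below places the token-less, GET-triggered deletion pattern the advisory describes next to a hardened handler that refuses state changes over GET and requires a synchronizer token bound to the session. The same check protects the "add administrator" form. The handler and parameter names, the `/admin/users/delete` action path and the `$deleteUser` callback are assumptions made for the example; `random_bytes()` and `hash_equals()` require PHP 7 / 5.6, so on the 5.2.9 build the advisory was tested against a polyfill would be needed.

```php
<?php
declare(strict_types=1);

// Added example, not Apprain's code. Handler names, parameter names, the form
// action path and the $deleteUser callback are assumptions for illustration.

/* Vulnerable pattern, as the advisory describes it: a state-changing action
 * reachable by GET with nothing but the session cookie. Any page the logged-in
 * administrator visits can trigger it with an <img src="...?id=2"> tag, because
 * the browser attaches the admin's cookie to the request automatically. */
function delete_account_vulnerable(array $get, callable $deleteUser): bool
{
    if (!isset($get['id'])) {
        return false;
    }
    $deleteUser((int) $get['id']);
    return true;
}

/* Hardened pattern: a per-session synchronizer token. The token is stored in
 * the server-side session, echoed into the legitimate form, and required on
 * every state-changing POST. A cross-site page cannot read it, so a forged
 * request cannot supply it. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit, CSPRNG
    }
    return $session['csrf_token'];
}

function csrf_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {                     // state changes never ride on GET
        return false;
    }
    if (!isset($post['csrf_token'], $session['csrf_token'])) {
        return false;
    }
    // Constant-time comparison avoids leaking the token byte by byte.
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

function delete_account_hardened(string $method, array $post, array $session, callable $deleteUser): bool
{
    if (!csrf_valid($method, $post, $session)) {
        return false;                             // caller should answer 403 here
    }
    if (!isset($post['id'])) {
        return false;
    }
    $deleteUser((int) $post['id']);
    return true;
}

/* The legitimate admin form carries the token as a hidden field. The same
 * field must be added to the "create administrator" form. */
function delete_form(array &$session, int $id): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/admin/users/delete">'         // assumed path
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input type="hidden" name="id" value="' . $id . '">'
         . '<button type="submit">Delete</button></form>';
}

// Demo with constructed requests; run with `php csrf_demo.php`.
$deleted = [];
$deleteUser = function (int $id) use (&$deleted): void { $deleted[] = $id; };
$session = [];

// 1. Forged cross-site GET against the vulnerable handler: the deletion goes through.
var_dump(delete_account_vulnerable(['id' => '2'], $deleteUser));

// 2. The same forged request, with no token, against the hardened handler is
//    rejected whether the attacker uses GET or an auto-submitted POST form.
var_dump(delete_account_hardened('GET', ['id' => '2'], $session, $deleteUser));
var_dump(delete_account_hardened('POST', ['id' => '2'], $session, $deleteUser));

// 3. A submission from the server-rendered form carries the token and is accepted.
delete_form($session, 2);
var_dump(delete_account_hardened('POST', ['id' => '2', 'csrf_token' => $session['csrf_token']], $session, $deleteUser));
```

The token check is deliberately independent of the `Referer` header: referrers are frequently stripped by privacy settings and proxies, so a referrer-only check either locks out legitimate admins or has to fail open. Rejecting GET for state changes is not a substitute for the token on its own, since an attacker can just as easily host a hidden auto-submitting POST form.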