DClassifieds Cross Site Request Forgery Vulnerability

Bugtraq ID:	51671
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 25 2012 12:00AM
Updated:	Jan 25 2012 12:00AM
Credit:	High-Tech Bridge SA Security Research Lab
Vulnerable:	DClassifieds DClassifieds 0.1 final
Not Vulnerable:

DClassifieds Cross Site Request Forgery Vulnerability

DClassifieds is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.

DClassifieds 0.1 final is vulnerable; other versions may also be affected.

DClassifieds Cross Site Request Forgery Vulnerability

To exploit these issues, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.

The following example input is available:

• /data/vulnerabilities/exploits/51671.txt

DClassifieds Cross Site Request Forgery Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

DClassifieds Cross Site Request Forgery Vulnerability

References:

• CSRF (Cross-Site Request Forgery) in DClassifieds (High-Tech Bridge SA Security Research Lab)
  
• DClassifieds Homepage (DClassifieds)