5
Hi and sorry for delay and for my not clear post.
First of all i think that a CSRFs Token would be Very helpful, even though it doesnt provide a 100% effective prevetion it raises attack's complexity with a minimum effort.
Here's my attack:
http://www.mediafire.com/?sharekey=68395ad6c66659b15a3d773badf21430e04e75f6e8ebb871I provide files:
Evilpage.html is the page with the hidden frame, if you have an active administration session on a XOOPS site and then you load the evil page with your browser , it will silently post a new content on you news module.
xoopsnews.html is a copy of the form (provided by the news module). This form has to be adapted to your XOOPS installation because my script refers to
http://localhost/xoops and that is my installation but maybe not yours.
All you have to do to try is
1) log in to your XOOPS site
2) open evilpage.html
3)wait 5 secs
4) open you XOOPS admin page (in particular news module administration)
I strongly suggest the news1.63 team to insert a csrf token