cross site request forgery
1. OVERVIEW
WebsiteBaker 2.8.1 and lower versions are vulnerable to Cross Site
Request Forgery (CSRF).
2. BACKGROUND
WebsiteBaker is a PHP-based Content Management System (CMS) designed
with one goal in mind: to enable its users to produce websites with
Rating: Moderately critical
Impact: SQL Injection
Local File Inclusion
Cross-Site Scripting
Cross-Site Request Forgery
Where: Remote
======================================================================
3) Vendor's Description of Software
get basic information about the hosts in the Resource Pools, information about
the VMs and also connect to the console of the VMs.
Due to poor validation of some user-controlled inputs, a variety of attacks
against the application and the underlying server are possible.
Cross-site scripting, cross-site request forgery, SQL injection and remote
command execution attack vectors were identified as well.
XSS and CSRF attacks can be performed against the virtual appliance itself, while
the others require the PHP configuration directive magic_quotes_gpc to be off on the web
server.
Advisory Information
Advisory ID: NGENUITY-2010-006
Date published: Aug. 7, 2010
Class: Cross-Site Request Forgery (CSRF)
Software Description
Nagios XI is the commercial / enterprise version of the open source
[MajorSecurity SA-068] Anantasoft Gazelle CMS - change admin password via Cross-site Request Forgery
Details
=======
Product: Anantasoft Gazelle CMS
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://www.anantasoft.com
Vendor-Status: informed
Advisory-Status: published
===============================================================
Scientific Atlanta DPC2100 Cable Modem
Cross-Site Request Forgery and Insufficient Authentication
May 24, 2010
CVE-2010-2025, CVE-2010-2026
===============================================================
==Description==
Scientific Atlanta, a Cisco company (www.cisco.com), produces the WebSTAR line
[MajorSecurity SA-070] Plume CMS - change Admin Password via Cross-site Request Forgery
Details
=======
Product: Plume CMS
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://www.plume-cms.net/
Advisory-Status: published
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02711131
Version: 1
HPSBMA02629 SSRT100381 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-02-07
Last Updated: 2011-02-07
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02748970
Version: 1
HPSBMA02664 SSRT100417 rev.1 - HP Insight Control Performance Management for Windows, Remote Privilege Elevation, Cross Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-20
Last Updated: 2011-04-20
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02711131
Version: 3
HPSBMA02629 SSRT100381 rev.3 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-02-07
Last Updated: 2011-03-10
Product: miniblog
Vendor: spyka Web Group ( http://www.spyka.net )
Vulnerable Version: 1.0.0 and probably prior
Tested on: 1.0.0
Vendor Notification: 25 May 2011
Vulnerability Type: XSS (Cross Site Scripting) , CSRF (Cross-Site Request Forgery)
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in miniblog, which can be exploited to perform cross-site scripting & cross-site request forgery attacks.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02560655
Version: 2
HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-10-25
Last Updated: 2010-10-28
Multiple cross-site request forgery vulnerabilities were detected on the client side of the edian waf appliance.
The vulnerability allows an attacker to force a victim's browser to issue requests to application functions (client-side module requests).
Vulnerable: Cross Site Request Forgery Vulnerabilities (Client-Side | Non-Persistent)
Vulnerable Module(s):
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-1150
It was discovered that mediawiki, a website engine for collaborative
work, is vulnerable to a Cross-Site Request Forgery login attack, which
could be used to conduct phishing or similar attacks to users via
affected mediawiki installations.
Note that the fix used breaks the login API and may require clients using it to
be updated.
Installations where the createemailregexp parameter is
empty are not vulnerable to this issue.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=711714
CVE Number: CVE-2011-3667
Class: Cross-Site Request Forgery
Versions: 2.0 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2,
4.1.1 to 4.1.3
Fixed In: 4.2rc1
Description: The creation of bug reports and of attachments is not
protected by a token and so they can be created without
http://1.2.3.4/private/login.ssi?WEBINDEX=<n>&JUNK=1
where <n> is the assigned integer value (1..12) of the user
account
Cross Site Request Forgery
==========================
BladeCenter AMM does not validate the origin of an HTTP request.
If an attacker is able to lure or force an authenticated
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_phplist.html
Product: phpList
Vendor: Tincan Ltd ( http://www.phplist.com/ )
Vulnerable Version: 2.10.13 and probably prior versions
Vendor Notification: 12 April 2011
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Risk level: Low
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )
Vulnerability Details:
The vulnerability exists due to failure in the "admin/configure.php" script to properly verify the source of the HTTP request.
Security Advisory: MVSA-10-006 / CVE-2010-0153
Vendor: IBM
Products: Proventia Network Mail Security System
Vulnerabilities: Cross-Site Request Forgery (XSRF)
Risk: High
Attack Vector: From Remote
Authentication: Required
Reference: http://www.ventuneac.net/security-advisories/MVSA-10-006
The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2008-0471
Private messaging allowed cross site request forgery, making
it possible to delete all private messages of a user by sending
them to a crafted web page.
CVE-2006-6841 / CVE-2006-6508
======
A remote attacker might be able to disclose local files, bug
information, passwords, and other data under certain circumstances.
Furthermore, a remote attacker could conduct SQL injection, Cross-Site
Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks via
various vectors.
Workaround
==========
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_umi_cms.html
Product: UMI.CMS
Vendor: umisoft ( http://www.umi-cms.ru/ )
Vulnerable Version: 2.8.1.2
Vendor Notification: 25 January 2011
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists due to failure in the "/admin/users/edit/USERID/do/" script to properly verify the source of the HTTP request.
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_open_classifieds.html
Product: Open Classifieds
Vendor: Open Classifieds Team ( http://www.open-classifieds.com/ )
Vulnerable Version: 1.7.1.1 and probably prior versions
Vendor Notification: 28 April 2011
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Risk level: Low
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )
Vulnerability Details:
The vulnerability exists due to failure in the "admin/accounts.php" script to properly verify the source of the HTTP request.
Vulnerability ID: HTB22927
Reference: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_webjaxe.html
Product: Webjaxe
Vendor: Webjaxe ( http://media4.obspm.fr/outils/webjaxe/en/ )
Vulnerable Version: 1.02
Vendor Notification: 29 March 2011
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_npds_revolution.html
Product: NPDS REvolution
Vendor: NPDS
Vulnerable Version: REvolution 10.02 and Probably Prior Versions
Vendor Notification: 06 May 2010
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Fixed by Vendor
Risk level: Low
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)
Vulnerability Details:
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_elitecms.html
Product: eliteCMS
Vendor: Elite Graphix
Vulnerable Version: 1.01 and Probably Prior Versions
Vendor Notification: 19 April 2010
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)
Vulnerability Details:
|
| <img src="http://192.0.2.1/level/15/configure/-/enable/secret/mypassword"/>
|
| on a web page, and trick the victim to visit it while he or she is
| logged into the Cisco router at 192.0.2.1 over HTTP. This has been
| dubbed "Cross-Site Request Forgery" a couple of years ago, but the
| authors of RFC 2109 were already aware of it in 1997. At that time,
| browser-side countermeasures were proposed (such as users examining
| the HTML source code *cough*), but current practice basically mandates
| that browsers transmit authentication information when following
| cross-site links.
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_frog_cms.html
Product: Frog CMS
Vendor: Philippe Archambault ( http://www.madebyfrog.com/ )
Vulnerable Version: 0.9.5 and probably prior versions
Vendor Notification: 09 November 2010
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
Advisory ID: HTB23067
Reference: https://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_dclassifieds.html
Product: DClassifieds
Vendor: www.dclassifieds.eu ( http://www.dclassifieds.eu/ )
Vulnerable Version: 0.1 final and probably prior
Tested Version: 0.1 final
Vendor Notification: 04 January 2012
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Risk Level: Low
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_vam_shop.html
Product: VaM Shop
Vendor: Vamsoft ( http://vamshop.ru/ )
Vulnerable Version: 1.6 and Probably Prior Versions
Vendor Notification: 28 December 2010
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details: