Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
erpscanERPScanERPSCAN-13-010
HistoryApr 22, 2010 - 12:00 a.m.

Lotus Domino Web Administrator - Cross Site Command Execution

2010-04-2200:00:00
erpscan.io
101

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

32.5%

JSON

Application: Lotus Domino **Versions Affected:**Lotus Domino Web Administrator 6.5 and 8.5.1 Vendor URL:IBM **Bugs:**CSRF, Command execution **Exploits:**YES **Reported:**22.04.2010 **Vendor response:**22.04.2010 **Date of Public Advisory:**24.03.2013 Reference:IBM **CVE number:**CVE-2013-0489 Author: Alexander Polyakov (ERPScan)

Description
Lotus Domino is vulnerable to CSRF attack which can de used for OS command execution in webadmin.nsf database by using Quick Console.
Lotus Domino is an IBM server product that provides enterprise-grade e-mail, collaboration capabilities, and custom application platform. Domino began life as Lotus Notes Server, the server component of Lotus Development Corporation’s client-server messaging technology. It can be used as an application server for Lotus Notes applications and/or as a web server. It also has a built-in database system in the format of NSF.

Details
Server is vulnerable to Cross Site Request Forgery attack. One of the ways to execute this attack is Cross Site Command Execution. By sending a special link to the administrator, an attacker can execute any command on the OS where Lotus is installed and get the result of the executed command.
Example:
An attacker can give the administrator the following link:
URL=http://server/webadmin.nsf/agReadConsoleData$UserL2?OpenAgent&Mode=QuickConsole&Command=load cmd /c net user hack hack123 /add > C:\Lotus\Domino\data\domino\html\download\filesets\netuser.png&1271932906681
If the administrator clicks this link, a command is executed which will add a new user to the OS. The attacker can also check if it executes by reading the file http://server/download/filesets/netuser.png

Business Risk
An attacker can use CSRF vulnerability by sending a link on malicious page to an unaware user via e-mail, messaging, or social networks. The end user browser has no way to know that the page should not be trusted, and will execute the script. Thus, an attacker can gain access to user session and gain control over the business-critical information which can be accessed by the victim.

Related

prion 2
cvelist 2
cve 2
nvd 2
nessus 1
prion
prion
Cross site request forgery (csrf)
2013-03-27 12:23:00
Design/Logic Flaw
2013-05-29 14:29:00
cvelist
cvelist
CVE-2013-0489
2013-03-27 10:00:00
CVE-2013-0482
2013-05-29 10:00:00
cve
cve
CVE-2013-0489
2013-03-27 12:23:46
CVE-2013-0482
2013-05-29 14:29:09
nvd
nvd
CVE-2013-0489
2013-03-27 12:23:46
CVE-2013-0482
2013-05-29 14:29:09
nessus
nessus
IBM Lotus Domino 8.5.x Multiple Vulnerabilities
2013-04-26 00:00:00

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

32.5%

JSON
Related for ERPSCAN-13-010
prion2cvelist2cve2nvd2nessus1