CSRF Vulnerability in C2Box application CVE-2015-4460

2015-07-05T00:00:00
ID SECURITYVULNS:DOC:32292
Type securityvulns
Reporter Securityvulns
Modified 2015-07-05T00:00:00

Description

Please add this advisory to your archive. Thanks.

Title: Cross-Site Request Forgery (CSRF) Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomation(B.A.S) Product: C2Box Version: All versions below 4.0.0(r19171) Tested Version: Version 4.0.0(r19171) Severity: HIGH CVE Reference: CVE-2015-4460

About the Product:

B.A.S C2Box provides global solutions enabling full control and visibility over cash positions and managing domestic or cross border payment processes.

Description:

This Cross-Site Request Forgery vulnerability enables an anonymous attacker to add an admin account into the application. This leads to compromising the whole domain as the application normally uses privileged domain account to perform administration tasks. Also the attacker can reset any user's password after gaining the privileged account.

Vulnerability Class:

Cross-Site Request Forgery (CSRF) - https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

How to Reproduce: (POC):

Host the attached code in a webserver. Then send the link to the application Admin. The admin should be logged in when he clicks on the link. You can entice him to do that by using social engineering techniques. Say for example: Log into the application and click the following link to get free licenses

Disclosure:

Discovered: June 10, 2015 Vendor Notification: June 10, 2015 Advisory Publication: June 27, 2015 Public Disclosure: June 27, 2015

Solution:

Upgrade to the latest Build will fix this issue. The new version number is 15.6.22 Release date: June 22, 2015  

credits:

Wissam Bashour Associate Security Analyst Help AG Middle East

Proof of Concept Code:

https://raw.githubusercontent.com/Siros96/CSRF/master/PoC https://www.dropbox.com/s/i45wzl6cqavrzm4/PoC_CSRF_password_reset.mp4?dl=0

References:

[1] help AG middle East http://www.helpag.com/. [2] http://www.boxautomation.com/. [3] https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) [4] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVEВ® is a dictionary of publicly known information security vulnerabilities and exposures.