Vendor: NPDS REvolution
By: High-Tech Bridge SA
CVSS: 3.3 (LOW)
CWE: 352 (Cross-Site Request Forgery (CSRF))
Product Name: NPDS REvolution
Affected Version From: REvolution 10.02
Affected Version To: Probably Prior Versions
Patch Exists: YES
Related CWE: N/A
CPE: a:npds:npds_revolution
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

XSRF/CSRF in NPDS REvolution

The vulnerability exists because the 'admin.php' script fails to verify the source of HTTP requests before acting on them. Successful exploitation could result in a compromise of the application, theft of cookie-based authentication credentials, or disclosure or modification of sensitive data. An attacker can exploit this vulnerability with nothing more than a browser: a victim who is logged in to the admin interface and views a page containing the following PoC has the request sent with their session cookies. The following PoC is available:

<img src='http://host/admin.php?op=ConfigFiles_save&Xtxt=<?+phpinfo()+?>&Xfiles=footer_after&confirm=1'>

Mitigation:

Upgrade to the most recent version of NPDS REvolution.

Exploit-DB raw data:

Vulnerability ID: HTB22367

Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_npds_revolution.html

Product: NPDS REvolution

Vendor: NPDS

Vulnerable Version: REvolution 10.02 and Probably Prior Versions

Vendor Notification: 06 May 2010

Vulnerability Type: CSRF (Cross-Site Request Forgery)

Status: Fixed by Vendor

Risk level: Low

Credit: High-Tech Bridge SA (http://www.htbridge.ch/)



Vulnerability Details:

The vulnerability exists due to failure in the "admin.php" script to
properly verify the source of HTTP requests.

Successful exploitation of this vulnerability could result in a compromise
of the application, theft of cookie-based authentication credentials,
disclosure or modification of sensitive data.

An attacker can use a browser to exploit this vulnerability. The following PoC is
available:


<img src="http://host/admin.php?op=ConfigFiles_save&Xtxt=<?+phpinfo()+?>&Xfiles=footer_after&confirm=1">


Solution: Upgrade to the most recent version
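To make the missing check concrete, below is an added Python model of the request validation that admin.php lacked; it is not NPDS code and not from High-Tech Bridge. It serves both descriptions of the flaw on this page: a state-changing admin operation is only accepted over POST, from a same-site Origin/Referer, and with a per-session anti-CSRF token compared in constant time, so the advisory's PoC (a cross-site GET fired by an <img> tag) is rejected while a legitimate form submission passes. The PoC URL is the advisory's own; the session layout, the Referer value of the attacker page and the list of state-changing ops are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Origin of the NPDS install; "host" is the placeholder used in the advisory's PoC URL.
SITE_ORIGIN = "http://host"
# Admin ops that change state. Assumption: only the one named in the PoC is listed here.
STATE_CHANGING_OPS = {"ConfigFiles_save"}


def new_session():
    """Constructed session: the per-session token admin.php should embed in its forms."""
    return {"csrf_token": secrets.token_hex(16)}


def check_admin_request(method, url, headers, session, form=None):
    """Return (allowed, reason). Models the source check that admin.php did not perform."""
    form = form or {}
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    op = form.get("op") or query.get("op")
    if op not in STATE_CHANGING_OPS:
        return True, "read-only operation"
    # Rule 1: state changes only over POST, so an <img src=...> GET can never trigger them.
    if method.upper() != "POST":
        return False, "state-changing op %s requested via %s" % (op, method)
    # Rule 2: if the browser sent Origin (or Referer), it must be our own site.
    source = headers.get("Origin") or headers.get("Referer")
    if source is not None:
        src = urlsplit(source)
        if "%s://%s" % (src.scheme, src.netloc) != SITE_ORIGIN:
            return False, "cross-site source %s" % source
    # Rule 3: the form token must match the session token (constant-time compare).
    token = form.get("csrf_token", "")
    if not token or not hmac.compare_digest(token, session.get("csrf_token", "")):
        return False, "missing or wrong anti-CSRF token"
    return True, "ok"


# The advisory's PoC as the victim's browser would send it while loading the attacker's page.
POC_URL = "http://host/admin.php?op=ConfigFiles_save&Xtxt=<?+phpinfo()+?>&Xfiles=footer_after&confirm=1"


def poc_request_is_blocked(session):
    # Referer value is a constructed example of an attacker-controlled page.
    allowed, _ = check_admin_request("GET", POC_URL, {"Referer": "http://attacker.example/"}, session)
    return not allowed


def legitimate_save_is_allowed(session):
    form = {"op": "ConfigFiles_save", "Xfiles": "footer_after", "Xtxt": "<!-- footer -->",
            "confirm": "1", "csrf_token": session["csrf_token"]}
    allowed, _ = check_admin_request("POST", "http://host/admin.php", {"Origin": SITE_ORIGIN}, session, form)
    return allowed
```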