Search found 12 matches
- 13 Mar 2021, 06:59
- Forum: Bug Report version 2.8
- Topic: CSRF vulnerability on Rukovoditel 2.8.3 Hacker change admin password
- Replies: 14
- Views: 1358
- 13 Mar 2021, 06:59
- Forum: Bug Report version 2.8
- Topic: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
- Replies: 12
- Views: 8793
Re: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
Thanks for reproducing,
I have just tried things that are directly related to admin rights. But it seems that the entire Rukovoditel CRM is not protected against CSRF.
- 12 Mar 2021, 07:40
- Forum: Bug Report version 2.8
- Topic: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
- Replies: 12
- Views: 8793
Re: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
You can't do any action if you are not logged in. So any HTML file like this will redirect to login. It's not the attacker that needs to be logged in, but the victim. When the victim is logged in and clicks on the page, the actions will be done on behalf of the victim https://en.wikipedia.org/wiki/Cross-sit...
- 11 Mar 2021, 22:08
- Forum: Bug Report version 2.8
- Topic: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
- Replies: 12
- Views: 8793
Re: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
Yes, if the user has been logged in?
- 11 Mar 2021, 22:00
- Forum: Bug Report version 2.8
- Topic: CSRF vulnerability on Rukovoditel 2.8.3 Hacker change admin password
- Replies: 14
- Views: 1358
Re: CSRF vulnerability on Rukovoditel 2.8.3 Hacker change admin password
Yes, if the user has been logged in, the password change succeeds.
- 11 Mar 2021, 21:56
- Forum: Bug Report version 2.8
- Topic: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
- Replies: 12
- Views: 8793
Re: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
Again you are testing with localhost and XAMPP. By default the session is the same for all localhost folders; that is why you can send a request from an HTML form if there is a logged-in user in http://localhost//rukovoditel_2.8.3/ But on a live server you can't do it. On a live server, I just need ADMIN to click my...
- 11 Mar 2021, 21:48
- Forum: Bug Report version 2.8
- Topic: CSRF vulnerability on Rukovoditel 2.8.3 Hacker change admin password
- Replies: 14
- Views: 1358
Re: CSRF vulnerability on Rukovoditel 2.8.3 Hacker change admin password
First, in index.php?module=users/change_password a user can change their own password only. There is no way to change the password for other users. Second, you are testing on http://localhost/ and the session is the same for all folders in localhost; that is why you can submit the form from a single HTML form. But ...
- 11 Mar 2021, 07:20
- Forum: Bug Report version 2.8
- Topic: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
- Replies: 12
- Views: 8793
Re: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
Hi, Tuong. It works, but in my case I had to put the PHP file with the malicious code on the same server. Also, it worked when the connection was on the same protocol (HTTPS). This means that (in my case, with my server configuration and the SameSite property of my cookies set to true) it is harder ...
- 10 Mar 2021, 11:59
- Forum: Bug Report version 2.8
- Topic: CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
- Replies: 12
- Views: 8793
CSRF vulnerability on Rukovoditel 2.8.3 Hacker can add new user with admin privilege
CSRF vulnerability on Rukovoditel 2.8.3
## Bug Description
Hi. I found a CSRF in the add new user module in Rukovoditel 2.8.3. A hacker can add a new user with admin privilege.
## How to Reproduce
Steps to reproduce the behavior:
1. Create a CSRF POC using the following code. <!DOCTYPE HTML PUBLIC &quo...
- 09 Mar 2021, 21:21
- Forum: Bug Report version 2.8
- Topic: CSRF vulnerability on Rukovoditel 2.8.3 Hacker change admin password
- Replies: 14
- Views: 1358
CSRF vulnerability on Rukovoditel 2.8.3 Hacker change admin password
CSRF vulnerability on Rukovoditel 2.8.3
## Bug Description
Hi. I found a CSRF in the change password module in Rukovoditel 2.8.3. A hacker can change the admin password when the admin clicks the link.
## How to Reproduce
Steps to reproduce the behavior:
1. Create a CSRF POC using the following code. <!DOCTYPE HTML PUBLI...