iTop 2.2.1 Cross Site Request Forgery

Posted by deepcore on March 20, 2016 – 6:47 am

High-Tech Bridge Security Research Lab discovered a remote code execution vulnerability in iTop that is exploitable via a cross-site request forgery flaw also present in the application. The vulnerability exists due to the absence of HTTP request origin validation in the “/env-production/itop-config/config.php” script, as well as a lack of sanitization of user input received via the “new_config” HTTP POST parameter.
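The missing origin validation described above can be closed with a per-session token plus an Origin check before any state-changing POST is processed. The following is an added example, not iTop's code or the vendor's fix: the function names, the `csrf_token` field and `TRUSTED_ORIGIN` are assumptions, only `new_config` comes from the advisory, and validating the content of `new_config` remains a separate control.

```php
<?php
declare(strict_types=1);

// Hypothetical deployment origin (constructed placeholder).
const TRUSTED_ORIGIN = 'https://itop.example.test';

// Create the per-session anti-CSRF token once and embed it in the form.
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Compare the request's Origin (or Referer) with the trusted origin.
function request_is_same_origin(array $server): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $p = $source === '' ? false : parse_url($source);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return false; // origin cannot be established: reject
    }
    $origin = $p['scheme'] . '://' . $p['host']
            . (isset($p['port']) ? ':' . $p['port'] : '');
    return hash_equals(TRUSTED_ORIGIN, $origin);
}

// Gate for a handler that accepts the "new_config" POST parameter.
function accept_config_update(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') return false;
    if (!request_is_same_origin($server)) return false;
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return false; // token missing or wrong: treat as forged
    }
    return isset($post['new_config']) && is_string($post['new_config']);
}

// Constructed requests: a cross-site POST without a token, then a same-origin one.
$session = [];
$token = issue_csrf_token($session);
$forged = accept_config_update(
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example.test'],
    ['new_config' => 'x'], $session);
$legit = accept_config_update(
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => TRUSTED_ORIGIN],
    ['new_config' => 'x', 'csrf_token' => $token], $session);
var_dump($forged, $legit);
```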

