
perfSONAR 4.4.5 Cross Site Request Forgery

Posted by deepcore on December 1, 2022 – 4:21 pm

A partial blind cross-site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5, in the /perfsonar-graphs/ test results page. Parameters and values can be injected or passed via the URL parameter, causing the client to connect to other sites in the background, without the user's knowledge, via transparent XMLHttpRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.

