RapidWareX v2.0.1 (WebUI) CSRF Exploit
Posted on 26 May 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>RapidWareX v2.0.1 (WebUI) CSRF Exploit</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>====================================== RapidWareX v2.0.1 (WebUI) CSRF Exploit ====================================== RapidWareX v2.0.1 (WebUI) CSRF Exploit Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co.il Email: pupipup33@gmail.com RapidWareX v2.0.1 (WebUI) is prone to a post-authentication CSRF vulnerability, which allows the attacker to have control over certain actions for the downloader such as Start/Retry, Pause, Clear All, Clear Finished, Add Links, etc. Please note that in order to carry out the attack, the victim must have RapidWareX running and logged in. The example below clears all the downloads when the victim enters the page. <img src="http://localhost:8080/ClearAll" /> # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-26]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
