CVE-2023-34839 PoC — IssabelPbx 跨站请求伪造漏洞

Source

Associated Vulnerability

Readme

## issabel-pbx 4.0.0-6 - Cross Site Request Forgery (CSRF) to Privilege Escalation###

**Description:**
Cross Site Request Forgery vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via the a Custom CSRF exploit to create new user function in that application.

**Vulnerable Product Version:**
issabel-pbx 4.0.0-6

**Date:**
23/06/2023

**CVE:** 
CVE-2023-34839

**CVE Author:**
Sahil Ojha

**Vendor Homepage:**
https://www.issabel.org/

**Software Link:** 
https://github.com/IssabelFoundation/issabelPBX

**Tested on:** 
Windows

**Attack scenario:**  
When this CSRF exploit is hosted somewhere or admin opens this exploit in his browser with logged in session of issable application, new user will be automatically added in the admin panel.

**Steps to reproduce:**
1. Go to issabel PBX application and login with admin credentials.
 
   ![HTML Render](https://github.com/sahiloj/CVE-2023-34839/blob/main/0.png)
   --
3. Copy the CSRF exploit shown below and save into html file and change the hostname or domain name which is masked in the exploit for personal reason.

    ![HTML Render](https://github.com/sahiloj/CVE-2023-34839/blob/main/CSRF%20exploit.png)
   ---
4. Open the CSRF exploit file in the same browser in another tab and as you can see a new user named "CSRF" was direclty created into the admin panel with administrator privilege.
   
   ![HTML Render](https://github.com/sahiloj/CVE-2023-34839/blob/main/4.png)
   ---

File Snapshot

 [4.0K]  /data/pocs/daa06a8fe323ca8d1a5cc3066b67fa1352b299e6
├── [105K]  0.png
├── [140K]  1.png
├── [ 10K]  2.png
├── [140K]  4.png
├── [ 988]  CSRF Exploit.html
├── [188K]  CSRF exploit.png
├── [1.4K]  README.md
└── [144K]  vulnerable request.png

0 directories, 8 files

Remarks