CVE-2019-13497 PoC — One Identity Cloud Access Manager 跨站请求伪造漏洞

Source

https://github.com/FurqanKhan1/CVE-2019-13497

Associated Vulnerability

Title:One Identity Cloud Access Manager 跨站请求伪造漏洞 (CVE-2019-13497)
Description:One Identity Cloud Access Manager（CAM）是美国One Identity公司的一套基于Web的访问管理解决方案。该产品支持单点登录、多因素身份验证、访问控制和审计等功能。 One Identity CAM 8.1.4 Hotfix 1之前版本中存在跨站请求伪造漏洞。该漏洞源于WEB应用未充分验证请求是否来自可信用户。攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。

Readme

# CVE-2019-13497

Exploit Title: Cross Site Request Forgery (CSRF)<br>
Date: 07/10/2019<br>
Exploit Author: Furqan Khan<br>
Vendor Homepage: https://www.oneidentity.com/<br>
Software Link: https://www.oneidentity.com/products/cloud-access-manager/<br>
Version: 8.1.3<br>
Tested on: Kali Linux , Windows 7 ,Ubantu 16.04<br>

#### To exploit this vulnerability an attacker can simply create a HTML form that would submit a logout request and share the link with the victim.On clicking the link , the logout request will be triggered in background and it shall logout the victim from his valid session and from the website..

## The content of CSRF payload is given as under ##
![injected.jpg](https://github.com/FurqanKhan1/CVE-2019-13497/blob/master/CSRF.PNG)

##### Now when the victim would load / click the attcak link shared , he would get logged out from his session #####
![injected.jpg](https://github.com/FurqanKhan1/CVE-2019-13497/blob/master/logged_out.PNG)

#####  Bingo ! That was easy ! #####

File Snapshot


 [4.0K]  /data/pocs/f3adf59650832c5f99df8ff222801b2e74f912c3
├── [163K]  CSRF.PNG
├── [ 33K]  logged_out.PNG
└── [1005]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!