lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 26 Jun 2014 16:13:48 -0400
From: Ubani Balogun <>
Cc: "Justin C. Klein Keane" <>
Subject: [FD] openSIS 4.5 - 5.3 Cross Site Request Forgery Vulnerability

Hash: SHA1

openSIS 4.5 - 5.3 Cross Site Request Forgery Vulnerability

Author: Ubani Anthony Balogun <>
Reported: June 26, 2014

Product Description:
- --------------------
openSIS, is a free student information system that rivals costly
commercial alternatives in looks, functionality, ease of use and

Description of Vulnerability:
- -----------------------------
openSIS versions 4.5 and 5.3 suffer from a Login Cross Site Request
Forgery Vulnerability (Login CSRF) owing to it's failure to secure the
login form with CSRF tokens.
The vulnerability is futher exarcebated by the fact that a HTTP Get
request can be used to perfom login actions, allowing login requests
to be forged via urls.

System impacted:
- ----------------
openSIS versions 4.5 and 5.3 were tested and found to be vulnerable.

- -------
This vulnerability allows a malicious attacker to log a victim into an
account other than theirs, and have the victim update the account with
their personal information (identity theft), perform actions in the
name of the account, or mount other Social Engineering attacks.
For further explanation of this vulnerability, please refer to

Mitigating Factors:
- -------------------
The vulnerability is mitigated by the fact that the name of the logged
in user is displayed on the site pages.

Proof of Concept:
- -----------------
1. Install OpenSIS 4.5 or 5.3 and create user login credentials
(username and password).
2. Navigate to /index.php?USERNAME=username&PASSWORD=password
3. The opensis system logs you into the account.
4. This vulnerability can also be exploited by crafting and accessing
the link from within an email.

Patch Advisory:
- ---------------
This vulnerability can be patched by implementing CSRF tokens on the
login form and requiring POST requests for login.

Vendor response:
- ----------------
Vendor responds issues will not be fixed in versions < 5.3

- -- 
Ubani Anthony Balogun
Information Security and Unix Services
University of Pennsylvania
School of Arts and Sciences
3600 Market St.
Suite 501
Philadelphia, PA 19104
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird -


Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists