CVE-2015-6973

Ignite Realtime Openfire 3.10.2 - Cross-Site Request Forgery via Multiple Administrative Endpoints


Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6973. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: This exploit demonstrates CSRF vulnerabilities in Openfire 3.10.2, allowing unauthorized actions such as changing admin passwords, adding users, modifying server settings, and permitting malicious clients. The PoC includes HTML/JavaScript snippets and direct URLs to exploit these endpoints.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp.

Exploits (1)

Exploit-DB, working PoC
by hyp3rlinx · text · webapps · jsp
https://www.exploit-db.com/exploits/38192

Classification
Working PoC: 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Openfire 3.10.2
Attacker authentication: none needed
Prerequisites: Victim must be authenticated as an admin and visit a malicious page
Analysis: devstral-2, Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry (BugTraq mailing list)
http://www.securityfocus.com/archive/1/536470/100/0/threaded
Third Party Advisory (Gentoo vendor advisory)
https://security.gentoo.org/glsa/201612-50
Exploit (Exploit-DB)
https://www.exploit-db.com/exploits/38192/

Scores

EPSS: 0.6482
EPSS Percentile: 99.1%

Details

CWE: CWE-352
Status: published
Products (1): igniterealtime/openfire 3.10.2
Published: Sep 16, 2015
Tracked Since: Feb 18, 2026