CGI Generic On Site Request Forgery (OSRF)

medium Nessus Plugin ID 47832

Synopsis

The remote web server may be prone to On Site Request Forgery attacks.

Description

The remote web server hosts CGI scripts that fail to adequately sanitize request strings with special characters like dots, slashes, backslashes, equal signs, question marks, etc.

By leveraging this issue, an attacker may be able to cause a user's browser to issue arbitrary GET requests when the user visits the vulnerable pages.

On Site Request Forgery (OSRF) is a variant of the wider Cross-Site Request Forgery (CSRF) attack class.

** The web application will not be affected by this weakness if the
** sensitive operations are all performed through POST or if some common
** defenses against Cross-Site Request Forgery are implemented.
** Even if this weakness cannot be exploited in the current state of the
** web application, allowing users to inject arbitrary characters in
** pages is definitely dangerous.
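
The weakness described above, shown as an added example that is not the plugin's or any vendor's code: a request value pasted into a same-site URL unchanged, beside an allow-list version that rejects the special characters listed in the description. The page URL, path prefix, function names and sample values are all constructed assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed page URL and path prefix, for illustration only.
PAGE_URL = "https://app.example/profile/view.cgi"
AVATAR_PREFIX = "/static/avatars/"

# Allow-list: letters, digits, underscore, hyphen. Dots, slashes, backslashes,
# '=', '?', '&', '#', '%' and whitespace are all rejected.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def avatar_src_unsafe(name: str) -> str:
    """'Before' form: the request value is pasted into the URL unchanged."""
    return f"{AVATAR_PREFIX}{name}.png"


def avatar_src_safe(name: str) -> str:
    """Hardened form: refuse anything outside the allow-list."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("invalid avatar name")
    return f"{AVATAR_PREFIX}{name}.png"


def request_target(src: str) -> str:
    """Path and query the browser would GET for this src on PAGE_URL."""
    parts = urlsplit(urljoin(PAGE_URL, src))
    return parts.path + ("?" + parts.query if parts.query else "")


def stays_in_prefix(src: str) -> bool:
    """True if the resolved GET stays under AVATAR_PREFIX and has no query."""
    target = request_target(src)
    return target.startswith(AVATAR_PREFIX) and "?" not in target


if __name__ == "__main__":
    # Constructed sample values: one ordinary name, one with special characters.
    for value in ["alice", "../../settings/update.cgi?newsletter=off&x="]:
        src = avatar_src_unsafe(value)
        print(repr(value), "->", request_target(src), stays_in_prefix(src))
        try:
            print("  hardened:", avatar_src_safe(value))
        except ValueError as exc:
            print("  hardened: rejected:", exc)
```

The `stays_in_prefix` check can also be run in tests or code review against any template that embeds request data in a same-site URL.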

Solution

Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.

See Also

https://en.wikipedia.org/wiki/Cross-site_request_forgery

http://www.nessus.org/u?a98d8191

http://blog.portswigger.net/2007/05/on-site-request-forgery.html

Plugin Details

Severity: Medium

ID: 47832

File Name: torture_cgi_on_site_request_forgery.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 7/26/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests

Reference Information

CWE: 345, 346, 352, 928, 936