Detections
Analytics
CGI Generic On Site Request Forgery (OSRF)
medium Nessus Plugin ID 47832
Language:
Synopsis
The remote web server may be prone to On Site Request Forgery attacks.Description
The remote web server hosts CGI scripts that fail to adequately sanitize request strings with special characters like dots, slashes, backslashes, equal signs, question marks, etc.By leveraging this issue, an attacker may be able to cause arbitrary GET requests to be executed by a user when he visits the vulnerable pages.
On Site Request Forgery (OSRF) is a variant of the wider Cross-Site Request Forgery (CSRF) attack class.
** The web application will not be affected by this weakness if the
** sensitive operations are all performed through POST or if some common
** defenses against Cross-Site Request Forgery are implemented.
** Even if this weakness cannot be exploited in the current state of the
** web application, allowing users to inject arbitrary characters in
** pages is definitely dangerous.
Solution
Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.See Also
https://en.wikipedia.org/wiki/Cross-site_request_forgery
http://www.nessus.org/u?a98d8191
http://blog.portswigger.net/2007/05/on-site-request-forgery.html
Plugin Details
Severity: Medium
ID: 47832
File Name: torture_cgi_on_site_request_forgery.nasl
Version: 1.21
Type: remote
Family: CGI abuses
Published: 7/26/2010
Updated: 1/19/2021
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Settings/enable_web_app_tests