PRTG Hardening Security CSRF

PRTG version 22.1.74 introduces protection from Cross Site Request Forgery (CSRF) attacks to harden the products security. 
In CSRF the attacker sends the victim an URL with an action, like adding an administrative account, transfering some money to another bankaccount or something similar. When the victim clicks on the link, the (unintended) action is executed with the victims permissions. Implementing XSRF tokens prevent this attack. 
Updating PRTG server to 22.1.74 prevents changes to PRTG via web forms that attackers may use to trick PRTG users into performing requests with the user account's context. (CVE-2021-34547)



Explot payload: 

PRTG user accounts after executing payload:



at No comments:
Labels: , ,
Subscribe to: Posts (Atom)

Monitor UniFi WLAN Access Point with PRTG with SNMPv3 Auth+Encrypted

This is a tiny guide howto monitor your UniFi wireless accesspoint, in this case a Unifi U7 pro with SNMPv3 with AES-Encryption and SHA-Auth...