In CSRF the attacker sends the victim an URL with an action, like adding an administrative account, transfering some money to another bankaccount or something similar. When the victim clicks on the link, the (unintended) action is executed with the victims permissions. Implementing XSRF tokens prevent this attack.
Updating PRTG server to 22.1.74 prevents changes to PRTG via web forms that attackers may use to trick PRTG users into performing requests with the user account's context. (CVE-2021-34547)
Explot payload: 
PRTG user accounts after executing payload:
No comments:
Post a Comment